Building a European PaaS | anynines

This talk explains why there should be a European Cloud and how to build it. Sharing is the foundation of every cloud, which leads to the question: why not share IaaS and PaaS globally? Looking at the latest security news together with Safe Harbour and the Patriot Act leads to the question of where to draw the line between security and freedom. Building a European cloud allows European customers to draw their own line. OpenStack and Cloud Foundry are suitable open source technologies to build such a cloud.

Published in: Technology, News & Politics

  1. Building a European Cloud (Wednesday, 16 October 13)
  2. European Cloud?
  3. Hungarian Cloud?
  4. Budapest Cloud?
  5. Your personal Cloud??
  6. The cloud is about sharing.
  7. Spare capacity, Virtualization, Share spare capacity, Pay as you go
  8. So why not share globally?
  9. Privacy
  10. Any transfer of personal data of EU citizens to a non-EU state with a lower data privacy level compared to EU standards is prohibited. - Directive 95/46/EC
  11. EU Safe Harbor
  12. • is an EU directive
      • regulates the processing of personal data within the European Union
  13. U.S. - EU Safe Harbor
  14. • Self(!)-certification process
      • = swear to the United States Department of Commerce to comply with EU privacy laws
  15. A memo from the EU Commission:
  16. "The Safe Harbour agreement may not be so safe after all." European Commission MEMO/13/710 19/07/2013 http://rh.gd/1hBKIrf
  17. Patriot Act
  18. "Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001."
  19. • United States federal law
      • Significantly enhanced and broadened federal government powers in the realm of
        • Electronic Surveillance
        • Anti-money laundering
        • Border Security, ...
  20. 10 Titles of the Patriot Act
  21. • Title I: Enhancing domestic security against terrorism
      • Title II: Surveillance procedures
      • Title III: Anti-money-laundering to prevent terrorism
      • Title IV: Border security
      • Title V: Removing obstacles to investigating terrorism
      • Title VI: Victims and families of victims of terrorism
      • Title VII: Increased information sharing for critical infrastructure protection
      • Title VIII: Terrorism criminal law
      • Title IX: Improved Intelligence
      • Title X: Miscellaneous
  22. Patriot Act beats Safe Harbor
  23. Where security meets freedom
  24. The story of lavabit.com
  25. • Encrypted email service (*2004) by Ladar Levison
      • Used by Edward Snowden
      • Ordered to turn over its SSL private key
  26. Levison was put to the decision: shut down or “become complicit in crimes against the American people”.
  27. Lavabit.com was shut down on August 8, 2013
  28. "This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States". - Ladar Levison, Lavabit.com
  29. • It's not about having data on European servers
      • It's not about having a European company
  30. It's about staying completely off any US provider and not tying yourself to the US, in person or with your company.
  31. Relying on open source software is a good choice, too.
  32. How to build a European cloud?
  33. Cloud Building
  34. Cloud, a term that has been overdone
  35. IaaS PaaS SaaS
  36. IaaS PaaS SaaS
  37. A 2013 proposal for an open source based Cloud
  38. [no transcribed text]
  39. Hardware
  40. Infrastructure as a Service (IaaS) / Servers, Network, Storage / Hardware
  41. Platform as a Service (PaaS) / VMs, Network, Storage / Infrastructure as a Service (IaaS) / Servers, Network, Storage / Hardware
  42. Applications / CF API (deploy, scale, services, ...) / Platform as a Service (PaaS) / VMs, Network, Storage / Infrastructure as a Service (IaaS) / Servers, Network, Storage / Hardware
  43. [no transcribed text]
  44. Hardware
  45. OpenStack (IaaS) / Servers, Network, Storage / Hardware
  46. Cloud Foundry (PaaS) / VMs, Network, Storage / OpenStack (IaaS) / Servers, Network, Storage / Hardware
  47. Applications / CF API (deploy, scale, services, ...) / Cloud Foundry (PaaS) / VMs, Network, Storage / OpenStack (IaaS) / Servers, Network, Storage / Hardware
  48. OpenStack
  49. OpenStack architecture
  50. Keystone
  51. Nova
  52. Glance
  53. Cinder
  54. Swift
  55. Neutron
  56. OpenStack provides us an IaaS ready to deploy Cloud Foundry.
  57. Cloud Foundry
  58. • CF = large distributed system
      • Inner shell vs. outer shell
      • Bosh = Bosh outer shell > deploy CF
  59. Simplified Cloud Foundry Architecture
  60. [Diagram: Routers, DEAs, Cloud Controller, Health Manager, Cloud Controller Database and Services (e.g. MySQL), with the labelled flows: API request; Droplet request; Droplet change notifications; Request droplet start/stop; Droplet heartbeat & exit messages; Get desired states; Droplet / Service metadata; Consume a service]
  61. Cloud Controller [same architecture diagram as slide 60]
      • Offers the CF API endpoint
      • System authority for issuing commands
      • Start apps
      • Create service
      • Binding services
  62. DEA [same architecture diagram as slide 60]
      • droplet = dea.staging(app_code)
      • Staging = executing buildpacks
      • Warden
      • Starts and runs droplets
  63. Health Manager [same architecture diagram as slide 60]
      • compares desired system state with actual system state
      • sends advice to CC
      • CC acts
  64. Router [same architecture diagram as slide 60]
      • knows on which DEAs your app instances are
      • routes incoming requests to the right DEAs
  65. Services [same architecture diagram as slide 60]
      • Create service = provision
      • Bind = create credentials
      • Apps bind to services
      • Credentials as ENV variables
  66. What you get?
  67. [no transcribed text]
  68. Questions?
  69. Thank you!
  70. Code

          require "digest/sha1"  # needed for Digest::SHA1 below
          require "fileutils"
          require "find"
          require "fog"

          # Wrapper around a fog storage directory; blobs are keyed by their SHA1 digest.
          # The helpers `files`, `file` and `partitioned_key` are not shown on the slide.
          class Blobstore
            def initialize(connection_config, directory_key, cdn=nil, root_dir=nil)
              @root_dir = root_dir
              @connection_config = connection_config
              @directory_key = directory_key
              @cdn = cdn
            end

            def local?
              @connection_config[:provider].downcase == "local"
            end

            def exists?(key)
              !file(key).nil?
            end

            # Streams the blob to destination_path chunk by chunk.
            def download_from_blobstore(source_key, destination_path)
              FileUtils.mkdir_p(File.dirname(destination_path))
              File.open(destination_path, "w") do |file|
                (@cdn || files).get(partitioned_key(source_key)) do |*chunk|
                  file.write(chunk[0])
                end
              end
            end

            # Uploads every regular file under source_dir that is not already stored.
            def cp_r_to_blobstore(source_dir)
              Find.find(source_dir).each do |path|
                next unless File.file?(path)
                sha1 = Digest::SHA1.file(path).hexdigest
                next if exists?(sha1)
                cp_to_blobstore(path, sha1)
              end
            end

            def cp_to_blobstore(source_path, destination_key)
              File.open(source_path) do |file|
                # (the slide is cut off here)
              end
            end
          end
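
Slide 65 states that binding a service creates credentials which reach the app as ENV variables. The following Ruby code is an added example, not code from the talk or from Cloud Foundry itself: it assumes the credentials arrive as JSON in the `VCAP_SERVICES` variable (service label mapped to an array of bound instances), all sample values are constructed, and the helper names `bound_credentials` and `redact` are hypothetical.

```ruby
require "json"

# Constructed sample: assumed VCAP_SERVICES layout (label => bound instances).
SAMPLE_ENV = {
  "VCAP_SERVICES" => JSON.generate({
    "mysql" => [{
      "name" => "orders-db", "label" => "mysql",
      "credentials" => {
        "hostname" => "10.0.0.12", "port" => 3306, "name" => "d_orders",
        "username" => "u_3f9a", "password" => "constructed-secret"
      }
    }]
  })
}.freeze

class BindingError < StandardError; end

# Credential keys whose values must never reach a log line.
SECRET_KEYS = %w[password secret token key uri url].freeze

# Hypothetical helper: credentials of the bound instance called `name`.
# Fails closed, and error messages never echo the raw variable.
def bound_credentials(env, name)
  raw = env["VCAP_SERVICES"]
  raise BindingError, "VCAP_SERVICES is not set" if raw.nil?
  services = begin
    JSON.parse(raw)
  rescue JSON::ParserError
    raise BindingError, "VCAP_SERVICES is not valid JSON"
  end
  raise BindingError, "VCAP_SERVICES is not a JSON object" unless services.is_a?(Hash)

  matches = services.values.flatten.select { |i| i.is_a?(Hash) && i["name"] == name }
  raise BindingError, "no bound service named #{name}" if matches.empty?
  raise BindingError, "service name #{name} is ambiguous" if matches.size > 1

  creds = matches.first["credentials"]
  raise BindingError, "binding #{name} carries no credentials" unless creds.is_a?(Hash)
  creds
end

# Hypothetical helper: copy of the credentials that is safe to log.
def redact(creds)
  creds.to_h do |key, value|
    secret = SECRET_KEYS.any? { |s| key.downcase.include?(s) }
    [key, secret ? "[REDACTED]" : value]
  end
end
```

Because every process in the app container can read its environment, the app should log only the output of `redact` and pass the real credentials hash straight to the database client.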
