OPENSTACK EXPERIENCES IN AUSTRALIA2012Phil Rogers - CTO Aptira, and Tristan Goode - CEO Aptira
PRESENTATION AGENDAEstablishing a local community, the Australian OpenStack User Group (AOSUG)Australian Cloud uptake, the Data Sovereignty question, & OpenStack answersOur “Storage for Life” concept, time to get your data back, using OpenStack
INDIAN OPENSTACK USERS GROUP – FIRST MEETUP APRIL 5
BEGINNERS TIPS WE’VE LEARNT SO FAR1. Timing of sessions is important.2. Reach out wherever you can.3. Get vendors involved.4. Check the venue, and check it again.5. Under estimate RSVP numbers.6. Engage the serial RSVPers, (thanks Martin!)7. Beware of MeetUp.com calendar appointments!8. Sponsors and contributors should have priority.
AUSTRALIAN CLOUD UPTAKE, THE DATA SOVEREIGNTYQUESTION, AND OPENSTACK ANSWERS
DO THE RISKS OF CLOUD COMPUTING OUTWEIGH THE BENEFITS?41 per cent of organisations in Australiabelieve that the risks associated with Cloudcomputing – such as security, privacy andreliability, far outweigh any potentialbenefits.This may also be the case in other nations!
WHAT ABOUT GOVERNMENT CLOUD ADOPTION IN AUSTRALIA?
THE US PATRIOT ACTSection 217 of the Patriot Act permits US governmentinterception of the "communications of a computer trespasser"if the owner of a "protected computer" authorized thatsurveillance. The laws definition of "protected computer"includes systems "used in interstate or foreign commerce orcommunication”.The Electronic Privacy Information Centre did an analysis of thisprovision. It found the provision so broad that "protectedcomputer" could be interpreted to mean any computer!More information is available fromthe Electronic Privacy Information Centrehttp://epic.org/privacy/terrorism/usapatriot/
THE EUROPEAN LAUNCH OF OFFICE 365The question put forward to Microsofts managing director in theUK, Gordon Frazer:“Can Microsoft guarantee that EU-stored data, held in EU baseddata centers, will not leave the European Economic Area underany circumstances — even under a request by the Patriot Act?”He said:“Microsoft cannot provide those guarantees. Neither can anyother company.“
AUSTRALIAN LEGISLATION THAT WE NEED TO CONSIDER• Electronic Transactions Act 2003, Spam Act 2003• Cybercrime Act 2001• Copyright Amendment (Digital Agenda) Act 2000• Privacy Amendment (Private Sector) Act 2000• Privacy Act 1988, Archives Act 1983• Freedom of Information Act 1982, and Telecommunications (Interception) Act 1979
WHAT CAN FEDERATED CLOUD CAN DO FOR YOUR ORGANISATION• Using multiple clouds for different applications to match business needs• Allocating components of an application to different environments (e.g., compute vs. database tiers), whether internal or external (“application stretching”)• Moving an application to meet requirements at specific stages in its lifecycle, from early development through UAT, scale testing, pre- production and ultimately full production scenarios• Moving workloads closer to end users across geographic locations, including user groups within the enterprise, partners and external customers• Meeting peak demands efficiently in the cloud while the low steady-state is handled internally
HYBRID PUBLIC CLOUD SLIDE 1 Cross Realm Keystone Authentication PUBLIC CLOUD Common Platform Across Clouds • Seamlessly manage and move work loads and data between public and private cloudsKeystone • Sync/Move Swift containers between regions (clouds) PRIVATE CLOUD • Maintain a single user database
HYBRID PUBLIC CLOUD SLIDE 2 PUBLIC CLOUD Keystone Keystone Provider #1 PUBLIC CLOUD Provider #2 Cross Realm AuthenticationKeystone Choose what and where with the one PRIVATE CLOUD common management infrastructure. Take ownership of your data!
INTERCLOUD, USING OPENSTACK Provider #1 Customer Swift Swift Storage IaaS Proxies KeystoneUtilize region support so thatprovider #2 becomes a (virtual)extension to provider #1’s Proxy on Cross Realmenvironment. Customer can choose customers behalf Authenticationwhat region data is stored. The actualunderlying infrastructure iscompletely obscured to the endcustomer. They just see multipleregions within the one provider. Keystone Swift Swift Proxies Storage Provider #2
THE QUESTIONS• Where are all these Silos physically stored?• What events are they vulnerable to?• What access plan exists in the event I pass away? Can the executor of my estate secure proper title?• What legislation will apply to the use of my data?• Is my privacy at risk?How should one minimise these risks?
LETS BREAK THESE SILOS DOWN!• All your data in one place, that you choose.• Safe, secure, replicated to locations you choose, with your privacy preserved.• Transparently access all your data across devices via diverse client applications.• Data completely transportable between storage providers. No lock in.• I may now have a single Silo, but it’s very safe due to best practice DR considerations undertaken by your OpenStack provider! Here’s a start, My email stays with me....
MY EMAIL STAYS WITH ME• My email is no longer stored by my service provider. I control its location and storage limits.• If I change providers I don’t loose my old emails.• My service provider is just a conduit for delivery.• Same principle can be applied to photos, videos, and my social media presence A new Swift SMTP API The mail server vendor supports an API into Swift as an optional, per user backend for their mail system.
DELIVERY OF MY MAIL TO MY OWN SILO Someone sends me an email... MY DATARecipient Mail OpenStackServer Cluster Provider #1 SMTP API Storage API OpenStack Provider #2 THE INTERNET Traditional OpenStack Mail Storage Provider #3 at the ISP
BENEFITS• ISP’s are relieved of massive storage costs.• ISP’s storage restrictions removed from end user.• The ability to support a tolling system - pay for what you use.• Improved redundancy with storage providers using zoning to keep data safe.• Superior proximity connections – connecting to the storage supplier nearest to you or that you deem most suitable.• Easier transport of the data resulting from its aggregation.• Possible future potential for direct Swift to Swift transfer of large data, triggered by an SMTP based smart signal.
SOCIAL MEDIA – YOU CONTROL YOUR DATA I control access MY DATA, to my data! portable to any storage provider I choose OpenStack Provider #1 SOCIAL MEDIA API OpenStack Provider #2 OpenStack Provider #3
TO SUM UPIt’s OUR data, not THEIR data.Lets build OpenStack to ensure wecan always own OUR data!(with a nod to Geoff Huston) @aptiraThank you! http://aptira.comcheers, Aptira.is it really too early for beer? email@example.comTristan and Phil would like to thank Katrina, Kavit, Justin, Iain, Evan, Corrine, Tom F and StevenM, Andy, Gab, Mark R, James W, John D, Stefano, Skeeve and of course all our wonderful members of theAustralian OpenStack User Group, for making this possible!