Ensure the security of your HCL environment by applying the Zero Trust princi...
Cloud Ubuntu Open Stack Private Cloud
1. Private Cloud on Ubuntu OpenStack
From POC to Production
TAKING THE LEAP
2. CONTENTS
01 Introduction
03 What’s the fastest, easiest way to deploy
Ubuntu OpenStack for production use?
04 How can I minimise cloud deployment risks?
06 How can I be sure that my cloud will deliver
constant uptime for my mission-critical apps?
08 What is the best way to scale out my production
cloud and add new workloads?
09 How can I manage and monitor my production
cloud effectively?
10 How flexible is OpenStack if I want to customise it?
11 Can I integrate an Ubuntu OpenStack production
cloud with my existing virtualised infrastructure?
12 What are the organisational challenges I need to
overcome to deploy a production cloud?
13 Next steps
Your Ubuntu OpenStack private
cloud from POC to Production
With Ubuntu OpenStack, you can deploy a cloud infrastructure
on your laptop or on a small group of test machines to get
your cloud strategy underway. However, the test environment
is a lot smaller and a lot simpler than a production cloud, which
means a proof of concept can only take you part of the way.
To make the transition from an Ubuntu OpenStack POC to
private cloud in production, you have to be fully prepared
for the organisational and technical complexity that a cloud
infrastructure introduces to your organisation. Are you sure,
for example, that the teams that currently manage network,
compute and storage resources are integrated enough to
support a private cloud infrastructure? Can your proposed
cloud architecture guarantee constant uptime for mission-critical
IT services across a range of departments and locations?
Do you have appropriate technical and end-user support in
place? And can you scale and manage your cloud effectively
to support future requirements and business growth?
While complexity is always a major challenge in new
production cloud deployments, there are lots of measures you
can take to ensure that your cloud strategy meets the needs
of your business from day one. First of all, it’s worth consulting
with technology partners, such as Canonical, who have
deployed hundreds of private clouds, and encountered, and
overcome, many of the possible pitfalls. In addition, you can
benefit from innovative Ubuntu cloud tools that simplify cloud
deployment, service orchestration, and other key processes.
Finally, there’s enterprise support available from Canonical to
help you ensure that your cloud services meet stringent SLAs
for quality and performance.
3. FAQ 1:
WHAT’S THE FASTEST, EASIEST WAY TO DEPLOY UBUNTU OPENSTACK
FOR PRODUCTION USE?
When you transition from a POC to production, complexity increases by orders
of magnitude. As the number of infrastructure elements, interrelationships
and cloud services increases, it becomes more difficult to manage the cloud
and to understand the issues that typically impact performance.
As an additional challenge, the key elements of OpenStack, from the MySQL
database to the message queue and cloud controller, can be complex to
deploy and integrate. Failure to create the right relationships between cloud
components can also negatively affect the performance of your cloud.
To ensure that all elements of your cloud infrastructure work together
seamlessly and provide the performance you need, Canonical has created a
reference architecture that helps you build a cloud based on industry best
practices. To access this reference architecture, which has ensured success
for hundreds of cloud deployments globally, please visit:
www.ubuntu.com/cloud/cloud-tools/reference-architecture
To deploy your cloud faster, minimise deployment complexity and risk,
Canonical has also developed a range of intuitive, efficient deployment and
management tools. Among these are:
MAAS
Our hardware provisioning technology which is built into Ubuntu Server. This
allows you to turn a collection of networked servers into a cluster on which you
can deploy OpenStack quickly and simply. For more information, please visit:
www.ubuntu.com/cloud/cloud-tools/maas
Juju
Our service orchestration tool. This allows you to deploy resources and services
in the cloud and establish relationships between them quickly and simply
using pre-written ‘Juju charms’, which package all the information needed
to deploy, provision and scale services. For more information, please visit:
www.ubuntu.com/cloud/cloud-tools/juju
The real cloud-building magic happens when you use MAAS and Juju together
to deploy an OpenStack cloud on a cluster of bare-metal servers. Once the
physical servers are powered up and connected to the network, MAAS detects
them and begins the installation of the base OS, before handing over to Juju to
complete their transition into an OpenStack cloud. A process you might expect
to take hours or days can be completed in a matter of minutes.
03
4. CHOOSE FROM THREE CLOUD SIZES… TO SUIT YOUR PHYSICAL SERVERS
FAQ 2:
HOW CAN I MINIMISE CLOUD DEPLOYMENT RISKS?
For most organisations deploying an Ubuntu OpenStack private cloud, it’s the
first time, and this lack of experience increases risk. In particular, it can be difficult
to ensure that your cloud architecture will scale effectively and deliver the
excellent service levels you need.
To minimise risk, many organisations choose to work with Canonical, which has
deployed many clouds in production. We can help you minimise risk for your own
deployment in a number of ways.
First, our Jumpstart service helps you build a small test cloud in just five days
if you haven’t already done it yourself. With Jumpstart, you get the benefit of
Canonical’s cloud-building expertise, and you can play with the environment to
your heart’s content before you make the leap to production. We also give you
30 days of support with Jumpstart to help you address any issues that come up.
For more information on our Jumpstart service, please visit:
www.ubuntu.com/cloud/cloud-tools/jumpstart
If you’re ready to deploy your cloud in production, we offer bespoke
engagements to help you minimise risks. We help you architect, plan, deploy and
manage your production cloud effectively from day one, and you can choose to
add up to a year of support to the package. Our cloud-building experience means
that we can help you deploy and scale your cloud in the best possible way, and
meet your end users’ service level requirements.
If you are planning to make the transition to production yourself, you can still
benefit from our Ubuntu Advantage support service. This gives you phone-based
access to skilled Ubuntu engineers who played a key role in the development of
OpenStack. Ubuntu Advantage comes in three sizes: small for clouds up to 100
physical servers, medium for 100 to 500, and large for clouds with more than
500. If you choose to subscribe to Ubuntu Advantage, you’ll also get access to
our Landscape systems management and monitoring tool, which helps simplify
management of your cloud infrastructure and instances. For more information,
please visit: www.ubuntu.com/cloud/management
If your cloud is extremely large, Canonical can help you reduce deployment risk by
providing a dedicated service engineer (DSE) or technical account manager (TAM).
These dedicated support engineers understand your specific environment and
give you a single point of contact for any issues that arise. DSEs are dedicated to
just one customer, while TAMs are shared between a small number of customers
to reduce costs. For more information on DSEs, TAMs, and other UA components,
please visit: www.ubuntu.com/management/ubuntu-advantage
04 05
5. WORKLOADS SAFELY MOVED… UNTIL MAINTENANCE COMPLETED
FAQ 3:
HOW CAN I BE SURE THAT MY CLOUD WILL DELIVER CONSTANT
UPTIME FOR MY MISSION-CRITICAL APPS?
Cloud POCs typically have little or no redundancy built in, which means a failure
in any part of the architecture can cause unplanned downtime to critical IT
services. To build an effective production cloud, all single points of failure must
be designed out to ensure critical services are constantly available.
This concept, which is sometimes called ‘design for failure’, means doubling up
all your cloud infrastructure elements and services, which can be a highly complex
proposition. It is necessary, for example, to provision the required compute,
network and storage resources, spin up servers, deploy services and stand-by
services, and create complex relationships between them. Doubling up resources
and services in an ad hoc way, though, will increase demands on your IT team in
terms of deployment, configuration, management and support.
To help you build a high-availability cloud, while minimising manual
administration, you can use Juju, which makes it faster and simpler to deploy
cloud services, double them up to ensure redundancy, and create the required
relationships for effective failover between them. In addition, our Landscape
systems management and monitoring tool gives you a way to monitor all
the instances and services in your cloud, and manage multiple servers and
machines quickly with a few clicks of the mouse, helping you significantly reduce
management overheads.
Finally, but equally importantly, Ubuntu OpenStack infrastructure provides
innovative features to ensure that your cloud services remain constantly available.
These include the ‘node evacuation’ feature, which keeps your cloud running
normally if a component should fail or to move workloads to other nodes whilst
maintenance is performed.
06 07
6. JUJU MAKES IT SIMPLER AND FASTER TO DEPLOY CLOUD SERVICES
FAQ 4:
WHAT IS THE BEST WAY TO SCALE OUT MY PRODUCTION CLOUD
AND ADD NEW WORKLOADS?
Cloud-based apps can have a number of layers: typically a front-end load balancer,
a middleware web engine, and a back-end database. In some cloud environments,
it’s necessary to write custom scripts to deploy each of these elements, and more
code to create the required relationships between them.
With Juju however, the process of deploying applications (workloads) in the cloud
and scaling out existing resources and services, becomes far easier.
To achieve this, Juju pulls all the information needed to deploy and orchestrate
services in the cloud from pre-written Juju charms. These contain all the
information needed on how best to deploy the software or service you want,
without you having to read any manuals on the constituent parts of your app
or service. Once you’ve deployed all the elements needed for your service, you
can use Juju to add relationships between them. In other words, there’s one
command to spin up the front-end load balancer, another for the middleware,
another for the database layer, and another to link them together the right way.
By automating service deployment and orchestration, Canonical estimates that
Juju condenses typical deployment times for an app by a factor of ten, from
hours to just minutes. Juju also eliminates the need to build and maintain a library
of instances for different Ubuntu instances and cloud services, and serves as
documentation for all services deployed in the cloud.
FAQ 5:
HOW CAN I MANAGE AND MONITOR MY PRODUCTION CLOUD EFFECTIVELY?
In a traditional datacentre environment, it’s usually quite clear what hardware is
supporting what applications, which makes the environment easier to manage.
In the cloud, however, an application could be running on virtualised machines
on any number of physical devices, which brings specific management challenges,
especially as the number of instances and services deployed in the cloud is
constantly changing.
To increase visibility and control of Ubuntu OpenStack private production clouds,
Canonical has developed our Landscape systems management and monitoring
tool. This allows administrators to manage and update individual virtual machines
or multiple machines centrally, through a single, intuitive management console.
Every time a new instance is deployed in the cloud, it is registered in Landscape.
This makes it simple to see how virtual machines are performing and where
applications and services are running, without excessive manual administration.
For more information on Landscape, please visit: www.ubuntu.com/management
08 09
7. FAQ 6:
HOW FLEXIBLE IS OPENSTACK IF I WANT TO CUSTOMISE IT?
The whole point about Ubuntu OpenStack clouds is that they are open. This
means you are never tied in to a particular technology or vendor. However, if
you want to swap out an element of OpenStack for an alternative technology,
for example, the object storage environment or the authentication mechanism,
it requires some additional planning and resources.
Many customers, for example, choose to replace the SWIFT object storage
component of OpenStack with Ceph, which offers a more feature-rich
experience, and some want to point OpenStack to their existing platform
(EMC or other). At the same time, other customers prefer to use their existing
virtualised server environment as their cloud hypervisor, instead of KVM, the
most common OpenStack hypervisor.
Another common change people make is to authenticate through their existing
Microsoft Active Directory. It is relatively fast and simple to integrate Active
Directory with Keystone, OpenStack’s standard authentication engine.
While substituting OpenStack standard technologies for alternative components
currently requires minimal manual effort, Canonical is busy developing a new
installer that will automate the process completely. You’ll be able to choose to
deploy OpenStack on Ubuntu with the specific technologies you want – and
deploy your customised cloud infrastructure with just a few clicks.
FAQ 7:
CAN I INTEGRATE AN UBUNTU OPENSTACK PRODUCTION CLOUD
WITH MY EXISTING VIRTUALISED INFRASTRUCTURE?
A lot of customers ask whether they can deploy an Ubuntu OpenStack cloud
alongside their existing proprietary cloud or virtualised server infrastructure.
There are many reasons for wanting to do this, from increasing available
capacity or compute resources without additional software licensing fees, to
maximising returns on existing investments in virtual infrastructure. For some
customers, it can also be the first step for migrating to end-to-end open-source
cloud infrastructure.
Because Ubuntu OpenStack cloud infrastructure is built on open-source
technologies and compatible with established standards such as Amazon EC2
and OpenStack APIs, it can work alongside an array of other cloud infrastructure.
This gives you the freedom to move between cloud providers, or create a ‘hybrid
cloud’ to push private workloads out to public clouds on demand.
If you want to integrate your new Ubuntu OpenStack production cloud with
your existing virtualised infrastructure, this is also possible. For example,
Canonical along with VMware has developed new features that support
seamless integration of Ubuntu OpenStack cloud infrastructure with VMware.
This will allow Ubuntu OpenStack to use VMware technology servers as their
compute platform.
10 11
8. FAQ 8:
WHAT ARE THE ORGANISATIONAL CHALLENGES I NEED TO OVERCOME
TO DEPLOY A PRODUCTION CLOUD?
Cloud deployments are fraught with organisational and political issues. For
example, different technical teams that manage networks, compute resources
and storage must work together seamlessly, irrespective of their location.
What’s more, the technical team must be able to demonstrate that cloud-based
systems comply with the required corporate policies and security standards,
which is much more difficult with workloads distributed across multiple physical
machines and locations.
Overcoming these challenges requires organisations to carefully map existing
processes and required changes, and conduct thorough risk assessments.
In addition, cloud builders must carefully evaluate security requirements, and
use OpenStack to create the required physical and logical divisions between
internal and public-facing systems, and sensitive systems and data in distinct
departments, such as finance and accounting.
Because Canonical has a wealth of experience in cloud deployment, we can
help our customers architect clouds that meet specific security requirements.
In addition, we can provide support for process re-engineering and training
to ensure that all members of the technical team are able to support the new
cloud environment and end users effectively.
Next steps
The complexity of deploying a full-featured Ubuntu
OpenStack production private cloud is not to be
underestimated. However, success can be achieved by
mitigating complexity and risk wherever possible, minimising
manual administration, and ensuring that clouds can
deliver excellent service levels at scale. While Ubuntu tools
such as MAAS and Juju can help to minimise deployment
complexity, there’s no substitute for experience. That’s
why we recommend that you work with Canonical to ensure
that you cloud meets service level requirements from the
earliest days of deployment.
If you would like more information about any of the
subjects discussed in this paper, or if you would like to
consult with Canonical to ensure the success of your cloud
strategy as you move to production, please contact us at
www.ubuntu.com/cloud/contact-us
12