Infrastructure as a Service      Nathanael I Burton      National Security Agency            20 April 2013
2
National Security Agency        IT ChallengesPrivate, IaaS Cloud – OpenStack                                  3
Number of users:Number of systems:Number of servers:Storage capacity:Applications used:Favorite color:                     4
http://www.nsa.gov/about/_images/pg_hi_res/NeverSleeps_071310.jpg                                                         ...
6
Signals IntelligenceInformation Assurance                        7
Computer Science      Mathematics      CryptanalysisForeign language analysis                            8
All the Technologies!    Commercial    Open Source     In-House                        9
http://www.flickr.com/photos/dexxus/5454005272   10
Big Data           11
HadoopAccumulo• Developed by NSA• Inspired by Google BigTable Paper• Open Source, Apache Software FoundationImages: Licens...
Manually Intensive                                       SOMEDAY YOU’LL BE A UNICORN!                       Stovepipes of ...
I have an idea!http://www.flickr.com/photos/goopymart/8521955193                                                    14
http://www.flickr.com/photos/ipdegirl/7827785878http://www.flickr.com/photos/andresrueda/3259487071http://commons.wikimedi...
Weeks or months    later…                  16
What was my idea     again?                   17
Too much time from idea to capabilityNeeded scale, agility                        18
Lower barriers to entry  Self-service, on-demand           Elastic         API accessPrivate OpenStack IaaS Cloud         ...
Diablo Summit  Two mad scientistsRepurposed Stole a rack         Lab                          20
Try out OpenStack   Offer flexible hostingAutomate lab infrastructure                              21
Working Pilot in two weeks:•   Cactus•   API / CLI•   10’s of users•   Improved service delivery timeLimited capabilities:...
http://www.flickr.com/photos/origamiancy/6137629982                                                      23
Let’s go bigger!                   24
More hardwareMore usersMore use casesMore data  http://www.flickr.com/photos/goopymart/616618169                          ...
Co-located with Big Data systemStarted with half rackAccess to mission dataUse cases:• RDBMs• Web applications• Non-Hadoop...
100’s of users   “Fail fast” modelGenerous with capacity    Huge potential                         27
MORE unicorns!http://commons.wikimedia.org/wiki/File:Invisible_Pink_Unicorn.svg   28
Productionhttp://commons.wikimedia.org/wiki/File:Compass_Barnstar_Hires.png                                               ...
Puppet / Kickstart• Installation• Configuration• Enforcement• ManagementBare metal to OpenStack in 20 minutes!            ...
Harden the system:• Operating System• OpenStack APIs• Database• Message Queue• Guest OS      SSL Everywhere!              ...
Amazon, Dreamhost, Rackspace …                          NSA  http://www.flickr.com/photos/9731367@N02/7113235069         32
Have PKI? You’re in!Auto-account creation                        33
http://www.flickr.com/photos/goopymart/6917974213/http://commons.wikimedia.org/wiki/File:Unicorn_llama.jpghttp://commons.w...
Opened for general availability:• Silent launch, viral growth:  – 100’s of users in first weeks• Production workloads• Mig...
Development patterns:• “In a box” recipes• System lifecycle• Common environment• Better collaboration• Better development ...
We broke thingsChange or eliminate process    Rethink problems                              37
Agility      Flexibility      ScalabilityBetter mission systems!                          38
Win Win!http://www.flickr.com/photos/goopymart/3125898045                                                    39
Lowering risk,           while increasing flexibility•   Trust but verify•   Security•   Accountability•   Central reporti...
41
Continued growth, scaling    Folsom to Grizzly ++ Open source contributionsMore community participation       We’re Hiring...
Nathanael I BurtonNational Security Agency      20 April 2013
Upcoming SlideShare
Loading in …5
×

OpenStack NSA

1,186 views

Published on

Published in: Technology, Sports
  • Be the first to comment

  • Be the first to like this

OpenStack NSA

  1. 1. Infrastructure as a Service Nathanael I Burton National Security Agency 20 April 2013
  2. 2. 2
  3. 3. National Security Agency IT ChallengesPrivate, IaaS Cloud – OpenStack 3
  4. 4. Number of users:Number of systems:Number of servers:Storage capacity:Applications used:Favorite color: 4
  5. 5. http://www.nsa.gov/about/_images/pg_hi_res/NeverSleeps_071310.jpg 5
  6. 6. 6
  7. 7. Signals IntelligenceInformation Assurance 7
  8. 8. Computer Science Mathematics CryptanalysisForeign language analysis 8
  9. 9. All the Technologies! Commercial Open Source In-House 9
  10. 10. http://www.flickr.com/photos/dexxus/5454005272 10
  11. 11. Big Data 11
  12. 12. HadoopAccumulo• Developed by NSA• Inspired by Google BigTable Paper• Open Source, Apache Software FoundationImages: Licensed under the Apache License, Version 2.0Apache Hadoop , Apache Accumulo are trademarks of the Apache Software Foundation 12
  13. 13. Manually Intensive SOMEDAY YOU’LL BE A UNICORN! Stovepipes of Excellence!http://commons.wikimedia.org/wiki/File:Biandintz_eta_zaldiak_-_modified2.jpghttp://commons.wikimedia.org/wiki/File:Traffic_cone.png 13
  14. 14. I have an idea!http://www.flickr.com/photos/goopymart/8521955193 14
  15. 15. http://www.flickr.com/photos/ipdegirl/7827785878http://www.flickr.com/photos/andresrueda/3259487071http://commons.wikimedia.org/wiki/File:Board-Meeting.png 15
  16. 16. Weeks or months later… 16
  17. 17. What was my idea again? 17
  18. 18. Too much time from idea to capabilityNeeded scale, agility 18
  19. 19. Lower barriers to entry Self-service, on-demand Elastic API accessPrivate OpenStack IaaS Cloud 19
  20. 20. Diablo Summit Two mad scientistsRepurposed Stole a rack Lab 20
  21. 21. Try out OpenStack Offer flexible hostingAutomate lab infrastructure 21
  22. 22. Working Pilot in two weeks:• Cactus• API / CLI• 10’s of users• Improved service delivery timeLimited capabilities:• Lab• Firewall / network isolation• Toys 22
  23. 23. http://www.flickr.com/photos/origamiancy/6137629982 23
  24. 24. Let’s go bigger! 24
  25. 25. More hardwareMore usersMore use casesMore data http://www.flickr.com/photos/goopymart/616618169 25
  26. 26. Co-located with Big Data systemStarted with half rackAccess to mission dataUse cases:• RDBMs• Web applications• Non-Hadoop processing 26
  27. 27. 100’s of users “Fail fast” modelGenerous with capacity Huge potential 27
  28. 28. MORE unicorns!http://commons.wikimedia.org/wiki/File:Invisible_Pink_Unicorn.svg 28
  29. 29. Productionhttp://commons.wikimedia.org/wiki/File:Compass_Barnstar_Hires.png 29
  30. 30. Puppet / Kickstart• Installation• Configuration• Enforcement• ManagementBare metal to OpenStack in 20 minutes! 30
  31. 31. Harden the system:• Operating System• OpenStack APIs• Database• Message Queue• Guest OS SSL Everywhere! 31
  32. 32. Amazon, Dreamhost, Rackspace … NSA http://www.flickr.com/photos/9731367@N02/7113235069 32
  33. 33. Have PKI? You’re in!Auto-account creation 33
  34. 34. http://www.flickr.com/photos/goopymart/6917974213/http://commons.wikimedia.org/wiki/File:Unicorn_llama.jpghttp://commons.wikimedia.org/wiki/File:Zebra_%28PSF%29.pnghttp://www.flickr.com/photos/bulius/4839345269 34
  35. 35. Opened for general availability:• Silent launch, viral growth: – 100’s of users in first weeks• Production workloads• Migrated from Diablo to Folsom Still managed by a small team! 35
  36. 36. Development patterns:• “In a box” recipes• System lifecycle• Common environment• Better collaboration• Better development 36
  37. 37. We broke thingsChange or eliminate process Rethink problems 37
  38. 38. Agility Flexibility ScalabilityBetter mission systems! 38
  39. 39. Win Win!http://www.flickr.com/photos/goopymart/3125898045 39
  40. 40. Lowering risk, while increasing flexibility• Trust but verify• Security• Accountability• Central reporting• Logging• Metrics• APIs on everything 40
  41. 41. 41
  42. 42. Continued growth, scaling Folsom to Grizzly ++ Open source contributionsMore community participation We’re Hiring! 42
  43. 43. Nathanael I BurtonNational Security Agency 20 April 2013

×