Eucalyptus 3: The Next Generations in Enterprise and Hybrid Clouds
Transcript of Eucalyptus 3: The Next Generations in Enterprise and Hybrid Clouds
© 2011 Eucalyptus Systems, Inc.
Eucalyptus 3: the Next Generation in Enterprise and Hybrid Clouds
Govind Rangasamy
Director, Product Management
Key takeaways
• Eucalyptus Infrastructure-as-a-Service
• What’s new in Eucalyptus 3?
• What we see in the hybrid world?
• What Eucalyptus offers for the hybrid IT world?
Eucalyptus Overview
• Most widely-deployed software platform for on-premise (private) Infrastructure as a Service (IaaS) clouds
• 25,000+ cloud starts to date and growing
• AWS-compatible, enterprise-deployed
• Deep cloud partner and AWS ecosystem
• Open source developed
• Gartner-recognized as major IaaS provider
Deep Partner Ecosystem
• Over 150 Registered Partners
• Leverage AWS Partner Ecosystem
[Figure labels: Platform; Data Center Automation; Cloud Services; Cloud Services; Management]
Who Uses Eucalyptus?
Infrastructure-as-a-Service
Eucalyptus IaaS: Compute
Features:
• Standardized on-demand compute Services
• Elastic pool of compute entities with fast provisioning
• Automatic virtual Instance Configurations
– CPU, Memory, Network and storage
Benefits:
• Efficient use of compute resources
• Disposable compute entities
• Self-serviceability
Eucalyptus IaaS: Networking
Features:
• On-demand Elastic IP
• VM isolation with security groups
• Virtual network overlay to isolate traffic
• Public/private IP translation (NATing), DHCP
• Multiple Networking Modes for Assigning Addresses to VMs
Benefits:
• Much easier to manage
• Efficient use of network resources
• Better network asset utilization
Eucalyptus IaaS: Storage
Features:
• On-demand, Highly Scalable and Secure Bucket Based Object Store
• Put/Get Objects of any type
• Configurable for DAS, NAS, and SAN
• Highly Reliable, Elastic Block Storage
Benefits:
• Central use of Storage assets – efficient, better utilization
• Self-serviceability with access control
Eucalyptus IaaS
Cloud Controller
• Cloud level - Virtual Resource System
• AWS EC2 Compatible
Walrus Storage
• Persistent data store
• Bucket-based, like S3
Cluster Controller
• Zone level - Virtual Resource System
• Manage Virtual Network
Storage Controller
• Block accessed network storage
• Like EBS
Node Controller
• VM management
• Instance management
VMware Broker
• ESX, ESXi management
• vCenter server compatible
Introducing Eucalyptus 3 (E3)
Enterprise, Elastic and Experienced
Eucalyptus 3 (E3)
Key Features
• High Availability IaaS
• Identity and Authorization Management
• Boot from Elastic Block Storage (EBS)
• NetApp, JBOD EBS adapters
• Resource Policies and Quotas
• LDAP/AD integrations
High Availability IaaS
Features:
• Prevent single points of failure
• Notify admins of HA component failure
• Automated Eucalyptus service component failure recovery
Benefits:
• Reduces downtime
• Reduces reconfiguration management costs
• Reduces management tool costs
• HA leads to high efficiency, better SLAs
High Availability IaaS
Example Modular IaaS HA Practice
• Active and passive HA components in different racks
[Figure: two sets of components (Cloud Controller, Cluster Controller, Walrus, Storage Controller, Node Controllers), labelled "Private IP - heartbeat"]
Resource Access Control
Identity and Authorization Management
Features:
• Ability to control LOB access to clouds using Accounts
• Pull/sync users and groups from AD/LDAP
• Cloud wide security with keys and certificates
• Customizable policy based access control
• VM level MS AD/LDAP
Benefits:
• Central control of users and security credentials
• Central control of Cloud resources
• Control over resource creation
• Permissions based on organizational groups
Company Confidential
[Figure: architecture diagram. Labels: Active Directory, LDAP; Accounts, Groups, Users, Resources; Policies, Certs, Keys, Images, VMs, Reports; Physical Resource Management; Virtual Cloud Resources; Platform Enhanced: Windows; RHEL, KVM 6; VMware; Virtual Resource System; Resource Access Control; High Availability IaaS; Virtual and Physical Resource Administration; Eucalyptus Identity Authorization and Management Web Services; Compute, Network, Identity, Storage. Several layers are marked "Enhanced".]
Policies and Resource Permissions
• Accounts->Usergroups->Users => Permissions into Resources using policies
• Flexible, configurable policies – easily automatable
• No default permission for resource creators
• Cross-account permissions similar to AWS
Resource Usage Control
User Quotas and Chargeback
• Quotas are proactive to control access
– Control at creation level
– Better asset utilization
• Chargeback/Showback reports
– Enforce usage based on historical information
– Generate usage reports
– Link chargeback to billing systems
Self-service is a big process change; IT feels they lose control
IT is forced to become brokers (hybrid clouds)
Resource Usage Control
[Figure: architecture diagram. Labels: Resource usage and control: Quota, Capacity, Charges; Security: Authentication, User Access Control; Cloud Deployments: Dev and Test, eCommerce, Scalable web Services, Financial Services; Accounts, Groups, Users, Resources; Policies, Certs, Keys, Images, VMs, Reports; Physical Resource Management; Virtual Cloud Resources; Platform Enhanced: Windows; RHEL, KVM 6; VMware; Virtual Resource System; Resource Access Control; High Availability IaaS; Virtual and Physical Resource Administration; Eucalyptus Identity Authorization and Management Web Services; Compute, Network, Identity, Storage. Several layers are marked "Enhanced".]
• Quotas are policy statements
• Quotas are permissions to “limit” resource “creation”
• Types of quotas
– Walrus bucket control – Size, number of objects
– Number of images, snapshots, and users per account
– Number of VMs for accounts and users
– Number of volumes for accounts and users
– Total size of volumes for accounts and users
Platform Changes
Storage Controller Changes
• Storage Controller is Highly Available
• Boot Images from EBS
– AWS compatible
• New SAN Devices: NetApp and JBOD
[Figure: Enhanced Eucalyptus Storage Controller diagram. Labels: Cloud Controller; Compute IaaS; Cluster Controller; Walrus Storage; SAN; NetApp; JBOD; Boot from EBS; Sales; Dev/Test; Storage Controller HA; Boot from EBS]
Boot from EBS
Features:
• AMI/EMIs are EBS backed
– Removes the size limit (1TiB)
• Stopped instances persist
• Much improved boot times
• Image creation is much faster
Benefits:
• Faster provisioning times
• Configuration management is much easier
Euca IaaS support stack
Physical Resource Management
Virtual Resource Management
Cloud Resources
IaaS Web Services
Third Party
Management
SaaS / PaaS Providers
Hybrid Clouds
Why Eucalyptus?
Why hybrid? Top reasons today
On ramping to public clouds
• Can’t wait for IT to provision my resources for test and dev?
• My HPC/Big Data workload is temporary
– Monte Carlo simulation
Off ramping to private
• Running on public today, but it’s becoming expensive
On and off ramping
• In the future: transport workloads seamlessly between public and private
Use Cases
• Scalable Web/Content Services
• Development and Test
• High Performance Computing
Biggest hurdles to realize hybrids
• Cloud Governance
a. Standardization – Service Catalogs
b. Security – protection and encryption
c. Resource Metering
d. Capacity planning
• Comprehensive unified management layer
a. Change and configuration management
b. Monitoring
c. Service Management
Virtual Resource Model for Private and Public (same semantics)
Similar API
Eucalyptus Amazon AWS compatibility
• AWS EC2
• AWS S3
• AWS EBS
• AWS IAM
Seamless interoperability with AWS
Demo
Thank you
Eucalyptus IaaS: Resource Management
Features:
• Image Management
• Infrastructure Management
• Users and Groups
• VM Network Traffic Isolation
• Private/Public Keys
• Cluster Isolation
Benefits:
• Central, remote control
• Resource-level management
• Uses existing security, datacenter automation tools and management
Eucalyptus IaaS: Resource Administration
Features:
• Role-based
• Users and Groups
• Accounting
• Quota
• Security
• Central Console
• Image Catalog
Benefits:
• Ease of administration, single pane of glass
• Flexibility: GUI, CLI and API
• Lower complexity: resource-level administration