IBM Cloud: Think it. Build it. Tap into it.
OpenStack
An Open Cloud for an Open Data World
IBM's Contributions, Commitments & Products
Henry Nash (henry.nash@uk.ibm.com)
IBM OpenStack Architect & Wild Duck
OpenStack Keystone Core Contributor
Agenda
- What is OpenStack? And why is it important in an open data world?
- Examples of use of OpenStack and some of the latest developments
- IBM's commitment & contributions
- Products built on open standards
OpenStack
Open software to manage compute, network & storage resources in the cloud
Our goal is to produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.
Relevance to an Open Data world
The data we share will almost entirely be stored in cloud-based providers.
As we look to ensure the data is truly open, there are some hard questions to answer:
- Who has access to it?
- Who has had access to it?
- Where is it actually stored?
- Who is backing it up?
- How can I (really) delete my data?
- Can a provider support a 1000x increase in capacity on-demand?
- Can a provider actually prove their answers to the above?
- Can I audit my provider to assure me of those answers?
- Etc.
OpenStack Cloud Platform
- Open Source (Apache 2.0 license)
- Linux of the datacentre, avoid vendor lock-in, maintain workload portability
- Build a great engine, packagers will build a great car (think Linux vs RHEL/SUSE)
OpenStack Cloud Platform Technology Capabilities
- Compute (nova): Provision and manage large pools of on-demand computing resources
- Block Storage (cinder): Volumes on commodity storage gear, and drivers for more advanced systems like NetApp, Solidfire, and Nexenta
- Object Storage (swift): Petabytes of reliable storage on standard gear
- Networks (quantum): VLAN or Flat Network & SDN
- Web Dashboard (horizon): Self-service, role-based web interface for users and administrators
- Images (glance): Image Registry Service, that can point at images stored in various locations
- Identity (keystone): Multi-tenant authentication system, that can increasingly tie to existing stores (e.g. LDAP)
OpenStack: History and releases
- Founded in 2010 as an open source project by Rackspace and NASA
- 10 releases so far, bi-yearly
- Most common release in production: IceHouse (04/2014)
- Hot off the press release: Juno (09/2014)
- Next release: Kilo (04/2015)
Each release:
- new version of the existing core projects
- new core projects are released
- overall architectural picture might change
OpenStack's Phenomenal Growth
- Companies: 405 (Supporters: 292 total, Members: 26 total, Sponsors: 87 total)
- Commits: 61k, last 12 months
- Individual members: 19088
Releases:
- 2014 APR 17, Icehouse: 1,766,546 lines of code
- 2013 OCT 17, Havana: 1,729,137 lines of code
- 2013 APR 4, Grizzly: 1,323,479 lines of code
- 2012 SEP 27, Folsom: 667,895 lines of code
- 2012 APR 5, Essex: 558,368 lines of code
- 2011 SEP 22, Diablo: 405,844 lines of code
- 2011 SEP 22, Diablo: 478,671 lines of code
- 2011 APR 15, Cactus: 117,887 lines of code
- 2011 FEB 3, Bexar: 85,425 lines of code
- 2010 OCT 21, Austin: 52,796 lines of code
Source: http://www.ohloh.net/p/openstack
Diverse Use Cases
No limits: CERN Uses OpenStack
- Large Hadron Collider tracks 4 million collisions/sec, out of which it selects 200 complex images to store/sec
- Building out a 50,000 core OpenStack farm to handle
- "We record 40 Mbytes per second each 6 months, adding to the current store of around 140 PB today" (Randall Sonie, research scientist, University of Victoria)
Why are so many using OpenStack?
- Faster: If software development, data analytics, or running application infrastructure is strategic for your business, OpenStack is the platform that will accelerate time to value
- Flexible: Plugin architecture and broad support from leading technology companies mean OpenStack works with many of the components you already have in your datacenter
- Community: Extremely large and diverse community that follows open and mature processes for delivering innovation and new capabilities
What do enterprises like about OpenStack?
- Open platform
- Technology accessible in many ways: hourly, appliance, distribution, DIY
- Community-driven innovation
- Empowered users and developers
- Deep engagement from our users and developers
- Users have more control of their destiny
- Broad, global support from companies
- Not driven by a single company
- Many technologies in your datacenter are already supported
Latest Developments: Federation Use Cases
- Multiple OpenStack Service Providers: Implementor would like to allocate workloads between multiple cloud service providers without having to maintain identities in each service provider.
- Easy to configure: Customers of cloud service providers desire easy integration of their existing identity provider with their cloud accounts.
- Cloud Bursting: Implementor would like to auto-scale infrastructure to service providers without having to maintain identities in each service provider.
- Non-Keystone service providers: Implementor would like to use the keystone service-provider federation solution to connect to service providers that don't run keystone, but do run a standard federation protocol.
- Easy federation workflows for clients: Client developers would like to be aware of as few federation protocols as possible.
- Central policy information point for service provider trusts: Implementor would like on-premise keystone to be the single system for handling service provider trusts.
Identities federating in: Allow easy integration with existing identity providers through the use of standard federation protocols.
Identities federating out: Allow easy integration from keystone to service providers through the use of standard federation protocols.
Example of Latest Capabilities: Hybrid Federation
[Diagram: a Private Cloud and a Public Cloud, each with its own Keystone in front of Nova, Cinder, Neutron etc.; labels "Mapping" and "Pre-defined trust"; a Customer App / Login.]
- Authenticate, do work on local resources, and/or get SAML assertion for Public Cloud
- Use SAML assertion to get access
IBM leadership in establishing open technologies
Lynchpin technologies provide a roadmap to innovation
[Diagram labels: Service Oriented Architecture; e-business; Engagement: Social; Engagement: Mobile; Open Cloud Architecture; NO SQL; Data; Cloud; Interoperability, Portability, Flexibility]
IBM is working to accelerate OpenStack Foundation success
Because an open interoperable Cloud is critical for flexible cloud deployment and customer success
OpenStack Participant Growth (exponential growth):
- Mar 2013: 859 Contributors, 8,500 Members
- Jan 2015: 3148 Contributors, 18152 Members
- Platinum Sponsors; Gold Sponsors
IBM:
- IBM has 19 core contributors
- IBM is #2 in contributions to OpenStack integrated projects
- +100 IBMers active developers in OpenStack projects
- +400 IBMers working on OpenStack
- From formation of the Foundation to Code Quality & New Function
Building on open from the ground up enables IBM to maximize client investment
[Diagram labels: SaaS; PaaS; IaaS; OAuth; Private Cloud; Hybrid Cloud; Off-premises cloud]
IBM Contributions to OpenStack: Road To Juno
- Essex: Core Contributors: 1; Technical Contributors: 2; Commits: 9; Blueprints: 0; Projects: 6; Total IBMers: 54. Key Contributions: Chinese Translation, Nova Hygiene, Storage Enhancements
- Folsom: Core Contributors: 4; Technical Contributors: 18; Commits: 181; Blueprints: 9; Projects: 20; Total IBMers: 100. Key Contributions: Integration Tests, Crowd Sourced Translation, Membership Services
- Grizzly: Core Contributors: 10; Technical Contributors: 38; Commits: 961; Blueprints: 35; Projects: 33; Total IBMers: 270. Key Contributions: API Stability, Storage Enhancements, 21% of Nova design features
- Havana: Core Contributors: 13; Technical Contributors: 85; Commits: 1595; Blueprints: 71; Projects: 48; Total IBMers: 380. Key Contributions: Enterprise Security, Ceilometer, Quality Assurance
- Icehouse: Core Contributors: 14; Technical Contributors: 107; Commits: 1722; Blueprints: 85; Projects: 61; Total IBMers: 380. Key Contributions: Quality Assurance, Authentication & Security, 15% of Compute features
- Juno: Core Contributors: 15; Technical Contributors: 109; Commits: 1669; Blueprints: 48; Projects: 78; Total IBMers: 400. Key Contributions: Federated Identity, Block Volume Replication, Dashboard Enhancements
Source: http://www.stackalytics.com/
IBM's Cloud capabilities based on OpenStack
Products: IBM Cloud Manager, IBM Cloud Orchestrator, IBM Cloud Services
- Evolve existing infrastructure to Cloud
- Accelerate adoption with expert integrated systems
- Immediate access to a managed platform
CADF Event Model provides the CSI: standard for Clouds
CADF's 7 essential W's of auditing and monitoring
- Model works for any CADF Event Type: Activity, Monitoring or Control
- CADF Guidance to normatively record Basic, Detailed or Precise information for each component
1. What: What activity occurred? What was the result?
   - Event Type (activity, monitoring, control)
   - CADF Action classification (basic)
   - CADF Outcome Classification (basic)
   - Reason codes (detailed)
2. When: When did the Action happen? When was it observed? How long did it take?
   - ISO 8601 Timestamp with fractional seconds (basic or precise)
   - Timezones (detailed)
   - Duration for long running events (detailed)
3. Who: User / service that initiated the Action
   - Initiator identifier, name (basic)
   - CADF Resource classification (basic)
   - Credentials (detailed)
   - Identity assertions (precise)
4. Where: Where was the Action observed? What role does the event serve? How was it recorded?
   - Observer identifier, name (basic)
   - CADF Resource classification (basic)
   - Role, Reporting Steps (detailed, precise)
5. On What: On what resource did the Activity target?
   - Target identifier, name (basic)
   - CADF Resource classification (basic)
6. FromWhere: FromWhere was the Action Initiated?
7. ToWhere: ToWhere was the Action Targeted?
   - Network addresses (basic)
   - Host information (agents, platforms, etc.) (detailed)
   - ISO 6709 Geolocation, ICANN codes (precise)
The 7 W's are filled out using the perspective of the OBSERVER component resource.
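An added example, not part of the original slides: a check an audit pipeline could run on incoming CADF records to report which of the 7 W's a record cannot answer at the basic level. The field paths are this example's reading of the DMTF CADF event model, the function names are hypothetical, and both sample records are constructed.

```python
from datetime import datetime

# Basic-level fields for each of the 7 W's. The field paths follow the DMTF CADF
# event model as this example reads it; they are not listed on the slide.
BASIC_FIELDS = {
    "What": ["eventType", "action", "outcome"],
    "When": ["eventTime"],
    "Who": ["initiator.id", "initiator.typeURI"],
    "Where": ["observer.id", "observer.typeURI"],
    "OnWhat": ["target.id", "target.typeURI"],
    "FromWhere": ["initiator.host.address"],
    "ToWhere": ["target.host.address"],
}

def lookup(event, path):
    # Walk a dotted path through nested dicts; None if absent or empty.
    node = event
    for key in path.split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node or None

def audit_gaps(event):
    """Return {W: [problems]} for each W the record cannot answer."""
    gaps = {}
    for w, paths in BASIC_FIELDS.items():
        problems = [f"missing {p}" for p in paths if lookup(event, p) is None]
        if problems:
            gaps[w] = problems
    when = lookup(event, "eventTime")
    if when is not None:
        try:
            # A timestamp without an offset cannot be correlated across clouds.
            if datetime.fromisoformat(when).tzinfo is None:
                gaps.setdefault("When", []).append("eventTime has no UTC offset")
        except (TypeError, ValueError):
            gaps.setdefault("When", []).append("eventTime is not ISO 8601")
    return gaps

# Constructed sample: a failed login recorded by an identity service (observer).
COMPLETE = {
    "eventType": "activity", "action": "authenticate", "outcome": "failure",
    "eventTime": "2015-01-20T09:15:27.123456+00:00",
    "initiator": {"id": "user-1234", "typeURI": "service/security/account/user",
                  "host": {"address": "192.0.2.10"}},
    "observer": {"id": "keystone-1", "typeURI": "service/security"},
    "target": {"id": "keystone-1", "typeURI": "service/security",
               "host": {"address": "198.51.100.5"}},
}
# Same record with the target host dropped and a naive timestamp.
PARTIAL = {**COMPLETE, "eventTime": "2015-01-20 09:15:27",
           "target": {"id": "keystone-1", "typeURI": "service/security"}}
```

Records that return a non-empty result are the ones an auditor cannot fully attribute, so they are worth counting per observer before relying on the feed for compliance reporting.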
CADF Facilitates QRadar's Integrated intelligence across hybrid cloud deployments
- Resource Monitoring and Tracking
- User Activity Monitoring
- Detect anomalies, insider threats
- Audit & Compliance
On-Prem: Workloads deployed in On-Prem Private cloud Environments
Off-Prem: Workloads deployed in Off-Prem Private Cloud Environments
What is TOSCA?
- TOSCA is an important new open cloud standard that is enabling a unique eco-system, supported by a large and growing number of international industry leaders
- TOSCA defines the interoperable description of applications, including their components, relationships, dependencies, requirements, and capabilities,
- thereby enabling portability and automated management across cloud providers regardless of underlying platform or infrastructure,
- thus expanding customer choice, improving reliability, and reducing cost and time-to-value.
TOSCA enables holistic application lifecycle automation while ensuring integrity, security and compliance
Cloud Application Lifecycle with TOSCA
[Diagram: lifecycle stages Design, Develop, Build, Deploy, connected by TOSCA Templates and deploying to Cloud Provider A, Cloud Provider B and Cloud Provider C.]
- Architects: Model services, policies & requirements
- Development Teams: Develop, unit test scripts, plans & artifacts for planned releases, patches, fixes
- QA Teams: Build & Test releases, updates & configurations
- Operations: Deploy, manage & monitor application lifecycle
- External Influences: Business Conditions, Strategic Requests, Operational Requests, Hot Packs, Infrastructure Changes
- TOSCA Templates Agnostic to Cloud Infrastructure Changes
- TOSCA templates communicate and drive application-centric DevOps & Test
TOSCA and OpenStack Heat / HOT alignment
[Diagram: TOSCA and Heat development converging across the Havana, Icehouse, Juno and K+ dev cycles.]
- TOSCA (Topology and Orchestration Specification for Cloud Applications): coming from the application point of view
- TOSCA v1.0 XML; TOSCA v1.1 Simple Profile in YAML
- Heat-Translator Project: Started implementation
- Definition of base infrastructure types in alignment with OpenStack resources
- Adaptation of TOSCA meta-model to align with HOT
- Heat: coming from the infrastructure point of view. "A Heat template describes the infrastructure for a cloud application in a text file" (from https://wiki.openstack.org/wiki/heat)
- HOT: clean definition of a declarative DSL
- Enhancement of software orchestration
- Definition of SoftwareConfiguration and SoftwareDeployment resources
Integrating OpenStack Keystone Federation Support with IBM Products
http://www.ibm.com/developerworks/cloud/library/clkeystone-tfim/
http://www.ibm.com/cloud-computing/us/en/open-cloud.html