Building an Open Source Private Cloud
Billy Cox, Director, Cloud SW Strategy, Intel Corp
Objectives
  General Cloud Objectives; Open Source
  Agility; Cost savings; Time to solution; Key usage models; Common architecture; Choices of solutions; Reduced dependencies on suppliers; Choice of suppliers; Directly work on the code; Harness industry innovation
Key Usage Models
  BUILD A CLOUD; IMPROVE EFFICIENCY AND MANAGEABILITY; ENHANCE SECURITY
  Client-aware Cloud IaaS, PaaS & SaaS; Scale-out Storage; Service Catalog*; Unified Networking; Standard Unit of Measurement for IaaS*; Carbon Footprint*; IO Control*; Policy-based Power Management; VM Interoperability*; Long Distance Workload Migration*; Security Monitoring*; Security Provider Assurance*; Trusted Compute Pools; Identity Provisioning*; Single Sign-On*; Privileged Access & Identity*; Governance & Auditing*
  * Open Data Center Alliance usage models
Cloud Data Center Architecture Multi-Tenant Security Execution integrity VM data privacy Secure DC federation Cloud Server Secure Efficient Automated Optimized Data Center High efficiency, High Temp, Low PUE Management integration with facility Cloud Applications Management Security Server Network Storage Cloud Apps Scale based on demand Optimized for cloud Designed for failures Group Level Mgt. Simple node control QoS enforced Consistent API Scalable Cloud Storage Low-latency scale-out Accelerated by NVM tiers Network Platform Std. high-volume hardware Programmable OS Open Mgt. APIs System Fabric Connects servers + storage Cost-effective bandwidth, low-latency Shared I/O and NVM
Server
  Today: Highly optimized; Power efficient; Workload optimized
  Emerging: Open; Motherboard, chassis, rack, and data center design are open sourced; No thermal shadows; Highly power efficient servers; High ambient temperature operation; Highly efficient data center designs
Open Compute Project Structure Contributions Enablement
Impact of High Ambient Temp
  Intel Analysis
  Data Center: 15 MW datacenter with 10 KW rack and a 50% average utilization. Standard chilled water system, N+1 configuration
  System: Compared an HTA optimized platform with a non optimized system; CPU, layout & heat sink
  Energy savings converted to server power - from cooling infrastructure reduction
  Reduction in cooling energy costs
  Power savings due to optimized system
  Reduction in chillers, cooling towers and ACU by using free cooling
  Intel internal estimate based on deploying HTA optimized system 24/7/365 ambient temperature in 15 MW New Mexico data center with 5kW rack and 50% utilization. Assumed 10c/kw as cost of power.
Identify Workload Characteristics
  Mainstream; Highly Parallel; Light Weight
  Search workloads; Caching tiers; Data tiers; Visualization; Real-time Analytics; Video processing; Web access tier; Web hosting
  Spread Core Form-Factor 4S Mid-range Half-width Board Form-Factor Microserver
  Efficiency requires optimized platforms for key workloads
Storage
  Today: NAS, SAN; Scale-out still new; Relational DB
  Emerging
    Converged storage: Common IA platforms used as storage servers.
    NoSQL ::Swift, Cassandra, MongoDB, Oceanbase, Ceph
    Encrypt data Always
    Use encryption acceleration HW in the CPU
Converge Storage Server Ingredients
  Scalable Solid State Storage; High Performance Processors; Scalable Unified Network; Protecting data IO Controllers and Host Bus Adapters; Protecting data with Software
  Open ecosystem driving innovation and business value.
Intel AES-NI Performance
  [Charts, three panels]
  Web Banking Workload, MS IIS/PHP (note 1). Axis: Number of Users, higher is better. Series: Xeon 5100 w/o encryption; Xeon 5500 w/o encryption; Xeon 5600 with encryption
  Database Decryption, Oracle Database Enterprise Edition 11.2.0.2, AES-128 (note 2). Axis: Decryption processing rate (MB/CPU seconds), higher is better. Series: Xeon 5500 w/o Intel IPP; Xeon 5600 w/ Intel IPP
  Full Disk Encryption, McAfee Endpoint Encryption (note 3). Axis: Provisioning time (seconds), lower is better. Series: Xeon 5500; Xeon 5600
  Values shown on the charts: 4.5x; 23%; 7x speedup; -42%; 13000; 16000; 17; 3500; 12
Configuration Details
  1 System configuration: Windows 2008 R2 x64 Ent. Server. PHP banking sessions/users measured with Intel Xeon X5680 (3.33 GHz) vs Intel Xeon 5160 (3.00 GHz) and Intel Xeon X5570 (2.93 GHz), 24 SSD RAID 0 arrays, TLS_RSA_with_AES_128_CBC_SHA cipher suite.
  2 System configuration: Oracle 11g with TDE, time taken to decrypt a 5.1 million row encrypted table with AES-256 CBC mode on WSM 3.33 GHz optimized with Intel Performance Primitives crypto library (IPP) vs NHM 2.8 GHz without IPP. Timing measured is per 4K of data.
  3 System configuration: McAfee Endpoint Encryption for PCs (EEPC) 6.0 package with McAfee ePolicy Orchestrator (ePO) 4.5 encrypting a 32GB X25E SSD with WSM 3.33 GHz vs. NHM 2.93 GHz. 24GB of memory.
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products.
Network
  Today: 1G; 7-10 connections per server
  Emerging
    Converged network: Fewer cables, lower power, less costly
    Optimized hypervisors: Lower latency ::Xen, KVM using SR-IOV
    Ethernet for storage: Better performance, common fabric
Efficiency through Converged IO
  1GbE + HBA Server Connections; 10GbE Server Connections
  45% Reduction in Power per Rack
  80% Reduction in Cables and Switch ports
  15% Reduction in Infrastructure Costs
  2x Improved Bandwidth per Server
  http://www.event-management-online.de/lad/calculator.aspx
  Source: Intel 10GbE ROI Calculator. This ROI calculator is a cost comparison for a highly virtualized solution, using multiple 1GbE connections versus a dual port 10GbE implementation.
Virtualization Leadership
  Intel VT-c
  Single Root I/O Virtualization (SR-IOV): Improves network performance by providing dedicated I/O and data isolation between VMs and the Network Controller
  [Chart: SR-IOV Performance, XenServer 5.6 at (32K): 34Gb Intel 82599 (SR-IOV); 6Gb Intel 82599 (Non-SR-IOV)]
  Virtual Machine Device Queues (VMDq): Improves network performance and CPU utilization by reducing sorting overhead of networking traffic
  [Chart: VMDq Performance, ESX4.1, IxChariot Dual Port Performance bi-directional (32K): 34Gb Intel 82599; 15Gb Broadcom BMC57711; 26Gb Emulex OCE10102-F]
Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, visit http://www.intel.com/performance/resources/benchmark_limitations.htm.
Case Study: FC vs. FCoE
  Yahoo* Case Study Results:
    1. FCoE throughput is 15% higher than FC
    2. CPU overhead is negligible
    3. 10GbE era has begun, network can be consolidated
  Fibre Channel vs. Open FCoE
    MAX bi-direction IO Throughput: 2x 8Gb FC 800MB/sec per port; 2x10Gb FCoE 920MB/sec per port
    Total CPU consumption (server side, worst case): 2x 8Gb FC User: 0.5%, System: 2%, Idle: 97.5%; 2x10Gb FCoE User: 0.5%, System: 2.5%, Idle: 97%
  Source: Presented at EMC World and IDF by Ruiping Sun, Principal Database Architect, Yahoo
Security
  Today: SW based trust; Limited use of encryption
  Consider
    Isolate: Optimized hypervisors isolate VMs using hw
    Comply: HW root of trust
    ::Xen, KVM
    Encrypt: Encrypt using HW acceleration
Enabling Trusted Pools / Protecting Data
  Isolate: Intel VT & Intel TXT protects VM isolation and provides a more secure platform launch
  Comply: Intel TXT establishes trusted status, foundation to control migration based on security policy
  Encrypt: Intel AES-NI delivers built-in encryption acceleration for better data protection
  * Other names and brands may be claimed as the property of others. Copyright 2011, Intel Corporation.
Management
  Today: Many proprietary closed solutions; IT does the integration; Open source widely used
  Consider
    Cloud management
    Integrated service delivery
    Orchestration of compute, network, storage
    HW root of trust ::Xen, KVM
    Open source ::OpenStack, Nagios, Puppet, Chef, many more
Open source cloud management
  Enable open source operating environments to run best on Intel architecture
  Foster open source ecosystems and develop new markets for Intel and its partners
  UPSTREAM; Code; Capital; DOWNSTREAM; Alliances; Consortia; OEM; Service Provider; Enterprise
  ~166 companies supporting OpenStack
Applications
  Today: Legacy workloads still dominate
  Consider
    Big data
    Orchestration of compute, network, storage ::Hadoop
    In memory DB ::Memcached
    PaaS ::Cloud Foundry, OpenShift, more
Big Data Fundamentals
  [Diagram: Transaction; Relational Database; Batch; Data Warehouse; Analyze; Unstructured; Streaming; Cluster; Organize; Analyze; Devices; (MapReduce)]
  Traditional Data Analysis
    Structured data
    Data ~ GBs to TBs
    Centralized: Data moves to analytics
    Batch analytics
  Big Data Analysis
    Unstructured, variety of data: mashup
    Data ~ TBs to PBs
    Distributed: Analytics move to the data
    Streaming analytics
  Examples: Telco; Govt; Finance; Web
Summary
  General Cloud Objectives; Open Source
  Agility; Cost savings; Time to solution; Key usage models; Common architecture; Choices of solutions; Reduced dependencies on suppliers; Choice of suppliers; Can choose to hire developers to work on the code; Harnessing industry innovation