In this post we continue our journey in OpenStack with a presentation of the high-level architecture.
OpenStack is not based on a single huge open source project but it has been architected and designed using a modular approach where each component is developed independently by a dedicated project.
This is the big picture of the OpenStack architecture including every module and the relation with the other components:
Because OpenStack is highly configurable, it is possible to create a tailored solution using only a subset of modules in order to cover the specific needs. For this reason, the deployments range from a single server using a single module based on Glance or Cinder to very complex datacentre solutions based on multiple interrelated modules configured in high availability mode. You can also install the entire stack in a single box just for development or evaluation purposes.
Compute: (Project NOVA)
Compute is the virtual machine provisioning and management module. It controls many aspects of the virtualization platform like networking, CPU, storage, memory, creating, controlling, and removing virtual machine instances, security, and access control.
Compute offers a wide range of supported virtualization platform ranging from open source to proprietary
The module implements own solutions to manage networking and storage but it can also be integrated with the other modules of the architecture.
Object Storage (Project SWIFT)
Object Storage is a distributed storage system for static data such as generic files, multimedia or virtual machine images. There are multiple layers of redundancy and automatic replication, so a failure in a node doesn't result in data loss, and recovery is automatic. It uses the concepts of Zone and Region in order to write multiple copy of the file in isolated storage (i.e. different servers or different racks up to different datacentres).
It is able to scales horizontally by adding new servers to increase the storage and replication.
Block storage (Project CINDER)
Block storage is essentially a management system of volumes used by OpenStack virtual machines. It supports the snapshots in order to back up data. Snapshots can be restored or used to clone a block storage volume. The volumes can be dynamically attached and detached to\from virtual machine, but multiple machine cannot attach the same volume.
Networking (Project NEUTRON)
OpenStack provides a flexible networking layer for the cloud. It lets the management of multiple networks, control traffic and IP addressing, connect servers and devices to one or more networks.
The Neutron abstracts the management of networking services by using a pluggable backend architecture responsible for interacting with the underlying infrastructure.
A large number of plug-ins are available and include:
Open vSwitch Plugin
Cisco UCS/Nexus Plugin
Linux Bridge Plugin
Modular Layer 2 Plugin
Nicira Network Virtualization Platform (NVP) Plugin
Ryu OpenFlow Controller Plugin
NEC OpenFlow Plugin
Big Switch Controller Plugin
Cloudbase Hyper-V Plugin
Brocade Neutron Plugin Brocade Neutron Plugin
IBM SDN-VE Plugin
OpenStack networking implements a framework to extend the capability with intrusion detection systems (IDS), load balancing, firewalls and virtual private networks (VPN).
Identity services (Project KEYSTONE)
Keystone provides identity management with authentication and authorizations services using a central repository of users mapped to the OpenStack services they can access.
OpenStack identity integrates with existing backend directory services such as LDAP. It supports several forms of authentication including username and password, tokens and AWS-type logins.
Image services (Project GLANCE)
The OpenStack Image Service manages virtual disk images. The images can be used as a template to get new virtual servers up and running. It can also be used to store and catalogue an unlimited number of backups. Glance supports many different storages and formats.
Metering and Monitoring services (Project CELIOMETER)
The primary goals of this module are monitoring and metering, but the framework is easily expandable to collect for other needs. It can be used as unique point of contact for billing systems to acquire all of the measurements they need to establish customer billing, across all current OpenStack core components.
Dashboard (Project HORIZON)
The dashboard provides a web-based interface to many of the OpenStack services including Nova, Swift and Keystone.
Horizon is based on a Django module called django-openstack. Django is a high-level Python Web framework to create web application (https://www.djangoproject.com/ ).
Orchestration (Project HEAT)
Heat provides a framework to manage the entire lifecycle of infrastructure and applications within OpenStack clouds. Heat provides a template based orchestration for describing a cloud application by executing appropriate OpenStack API calls to generate running cloud applications.
The templates are based on AWS CloudFormation used for creation of most OpenStack resource types (such as instances, floating ips, volumes, security groups, users, etc), as well as some more advanced functionality such as instance high availability, instance autoscaling, and nested stacks.
This is a high-level presentation of the OpenStack architecture in order to describe the main features and capabilities of each single module. Each module could be further drilled-down to illustrate the architecture and the internal work, but it is not the scope of this post.
Now, it is really the time to put your hands-on!
Read More »
OpenStack is not based on a single huge open source project but it has been architected and designed using a modular approach where each component is developed independently by a dedicated project.
This is the big picture of the OpenStack architecture including every module and the relation with the other components:
Because OpenStack is highly configurable, it is possible to create a tailored solution using only a subset of modules in order to cover the specific needs. For this reason, the deployments range from a single server using a single module based on Glance or Cinder to very complex datacentre solutions based on multiple interrelated modules configured in high availability mode. You can also install the entire stack in a single box just for development or evaluation purposes.
Compute: (Project NOVA)
Compute is the virtual machine provisioning and management module. It controls many aspects of the virtualization platform like networking, CPU, storage, memory, creating, controlling, and removing virtual machine instances, security, and access control.
Compute offers a wide range of supported virtualization platform ranging from open source to proprietary
| Product | Interface | Description |
|---|---|---|
| Kernel Virtual Machine (KVM) | Libvirt | Most popular technology for small scale deployments. Supports advanced operations such as live migration and resize. |
| Xen | Libvirt | Most popular (along with XCP/XenServer) technology for larger scale and production deployments. |
| Citrix Xen-Server | XenAPI | Citrix’s commercial version of Xen-based virtualization product. Supports advanced features. |
| Xen Cloud Platform (XCP) | XenAPI | Citrix’s open source version of XenServer. Supports a subset of XenServer features. |
| VMware ESX / ESXi / vSphere | vSphere API | VMWare virtualization platform. |
| User Mode Linux | libvirt | Generally considered a lower performance virtualization option. |
| Microsoft Hyper-V | Windows Management Instrumentation (WMI) | Microsoft’s hypervisor-based virtualization technology. |
| QEMU | Libvirt | Provides the basis for most Linux-based virtualization technologies (such as KVM and Virtualbox). |
| Linux Containers (LXC) | Libvirt | LXC is an operating system-level partitioning technology that allows for running multiple isolated servers (containers) in a single kernel. |
The module implements own solutions to manage networking and storage but it can also be integrated with the other modules of the architecture.
Object Storage (Project SWIFT)
Object Storage is a distributed storage system for static data such as generic files, multimedia or virtual machine images. There are multiple layers of redundancy and automatic replication, so a failure in a node doesn't result in data loss, and recovery is automatic. It uses the concepts of Zone and Region in order to write multiple copy of the file in isolated storage (i.e. different servers or different racks up to different datacentres).
It is able to scales horizontally by adding new servers to increase the storage and replication.
Block storage (Project CINDER)
Block storage is essentially a management system of volumes used by OpenStack virtual machines. It supports the snapshots in order to back up data. Snapshots can be restored or used to clone a block storage volume. The volumes can be dynamically attached and detached to\from virtual machine, but multiple machine cannot attach the same volume.
Networking (Project NEUTRON)
OpenStack provides a flexible networking layer for the cloud. It lets the management of multiple networks, control traffic and IP addressing, connect servers and devices to one or more networks.
The Neutron abstracts the management of networking services by using a pluggable backend architecture responsible for interacting with the underlying infrastructure.
A large number of plug-ins are available and include:
Open vSwitch Plugin
Cisco UCS/Nexus Plugin
Linux Bridge Plugin
Modular Layer 2 Plugin
Nicira Network Virtualization Platform (NVP) Plugin
Ryu OpenFlow Controller Plugin
NEC OpenFlow Plugin
Big Switch Controller Plugin
Cloudbase Hyper-V Plugin
Brocade Neutron Plugin Brocade Neutron Plugin
IBM SDN-VE Plugin
OpenStack networking implements a framework to extend the capability with intrusion detection systems (IDS), load balancing, firewalls and virtual private networks (VPN).
Identity services (Project KEYSTONE)
Keystone provides identity management with authentication and authorizations services using a central repository of users mapped to the OpenStack services they can access.
OpenStack identity integrates with existing backend directory services such as LDAP. It supports several forms of authentication including username and password, tokens and AWS-type logins.
Image services (Project GLANCE)
The OpenStack Image Service manages virtual disk images. The images can be used as a template to get new virtual servers up and running. It can also be used to store and catalogue an unlimited number of backups. Glance supports many different storages and formats.
| Image Store | Description |
|---|---|
| Fileystem | Stores, deletes, and gets images from a filesystem directory or shared drive (e.g., NFS). |
| HTTP | Read-only image store access to get images using URL. |
| Swift | Stores, deletes, and gets images from a Swift installation. |
| S3 | Deletes or gets images (but not stores) from Amazon’s S3 service |
| Disk Format | Description |
|---|---|
| Raw | Unstructured disk format |
| VHD | Most common format |
| VMDK | VMware Format |
| qcow2 | QEMU image format, native format for KVM and QEMU. |
| VDI | Oracle VM VirtualBox virtual disk image format. |
| ISO | Archive format for optical disks. |
| AMI, ARI, AKI | Amazon machine, ramdisk, and kernel images (respectively). |
| Container Format | Description |
|---|---|
| OVF | An open standard for distributing one or more virtual machine images. Read more about this standard at http://www.dmtf.org/standards/ovf. |
| aki, ari, ami | Amazon kernel, ramdisk, or machine image (respectively). |
| Bare | No container for this image. |
Metering and Monitoring services (Project CELIOMETER)
The primary goals of this module are monitoring and metering, but the framework is easily expandable to collect for other needs. It can be used as unique point of contact for billing systems to acquire all of the measurements they need to establish customer billing, across all current OpenStack core components.
Dashboard (Project HORIZON)
The dashboard provides a web-based interface to many of the OpenStack services including Nova, Swift and Keystone.
Horizon is based on a Django module called django-openstack. Django is a high-level Python Web framework to create web application (https://www.djangoproject.com/ ).
Orchestration (Project HEAT)
Heat provides a framework to manage the entire lifecycle of infrastructure and applications within OpenStack clouds. Heat provides a template based orchestration for describing a cloud application by executing appropriate OpenStack API calls to generate running cloud applications.
The templates are based on AWS CloudFormation used for creation of most OpenStack resource types (such as instances, floating ips, volumes, security groups, users, etc), as well as some more advanced functionality such as instance high availability, instance autoscaling, and nested stacks.
This is a high-level presentation of the OpenStack architecture in order to describe the main features and capabilities of each single module. Each module could be further drilled-down to illustrate the architecture and the internal work, but it is not the scope of this post.
Now, it is really the time to put your hands-on!
