Bbva bank on Open Stack
Download as PPTX, PDF8 likes5,976 views
BBVA presented its vision for adopting cloud technology at the OpenStack Summit in Paris, emphasizing the benefits of a hybrid cloud model for enhanced resilience and privacy. The initiative involves implementing OpenStack in conjunction with SDN to automate deployments and integrate internal processes, while also addressing security and operational challenges. Future steps include migrating to newer OpenStack versions and exploring container technologies like Docker.
Bbva bank on Open Stack
- 1. BBVA Bank on OpenStack OpenStack Summit Paris, November 2014 Jose Maria San José, Jose Luis Lucas, Daniel Chavero,
- 4. Vision Why hasn’t a bank 1B customers? Because we can’t
- 5. 2Vision
- 6. Vision: Let’s go Cloud! ● Cloud sets up self provisioning infrastructure ● Hybrid Cloud allows unlimited elasticity (no constraints) ● Active-Active Hybrid Cloud boosts resilience ● Hybrid data model (sensitive aware) ensures privacy ● Programmable automation simplifies management
- 7. BBVA BBVA It's a Cloud World BBVA Datacenter BBVA DMZ ES MX US physical constraints Z Long term transfer Amazon Google Manage-ment & Support no constraints business model constraints
- 8. New lifecycle SecDevOps Cooperation Deployment Package Tested Deployment Package Evolved Deployment Package Development Testing Production Maintenance Cloud Catalog (Virtual Machines, SW packages, SW Developments)
- 9. Strategic Roadmap Private Cloud Cultural engagement. Assure sustainability of IT DevOps Adoption Improve speed of development and deployment without flaws. Hybrid Cloud Internet-scale infrastructure. High Value Applications Web-scale applications on top of Liberty and Hydra. Cloud Consolidation Migrate internal process and applications to internal cloud.
- 10. 3OpenStack
- 11. 3 - OpenStack: the beginnings. ● Our goals. ● Previous experience in public clouds. ● Why OpenStack? ● Why RedHat? ● How are we planning to use it?
- 12. 3 - OpenStack: there we go! ● Environments: PRE and PRO. ● Enclosures with Virtual Connects o HP Blades, Proliant BL 660c o Intel Xeon E5-2660 ● Cloud Controller & Compute & Admin: o 256Gb RAM ● Swift: o 64Gb RAM & 12 HDD 1,2Tb ● Cinder & Glance: o NetApp NFS
- 13. 3 - OpenStack: there we go! ● Infrastructure deployment: Foreman + Puppet (Staypuft)
- 14. 3 - OpenStack: there we go! ● Infrastructure deployment: Foreman + Puppet
- 15. 3 - OpenStack: technical details Router Inet B Router Inet A Internet OpenStack
- 16. Firewall Foreman Management OpenStack BBVA Internal Management NFS Storage Migration RHEV - NFS Nagios Internet Security stuff DMZ/Endpoint Log collector Firewall Route r Service subnet RHEV DNS/NTP
- 17. Firewall Foreman OpenStack components: Swift Management OpenStack BBVA Internal Management NFS Storage RHEV - NFS Nagios Internet Security stuff Swift DMZ/Endpoint Log collector Firewall Route r Service subnet RHEV ● Cinder ● Glance ● Swift DNS/NTP Migration
- 18. Firewall Foreman Swift Management OpenStack BBVA Internal Management WAF NFS Storage RHEV - NFS Nagios Internet Security stuff Cloud Controller Endpoint API Swift DMZ/Endpoint Horizon Load Balancer Log collector Firewall Route r Load Balancer Service subnet OpenStack components: ● Cinder ● Glance ● Swift ● Horizon ● Keystone ● Cloud Controller DNS/NTP MySQL RabbitMQ RHEV Migration
- 19. Firewall Foreman Swift Management OpenStack BBVA Internal Management WAF NFS Storage RHEV - NFS Nagios Internet Security stuff Cloud Controller Endpoint API Swift DMZ/Endpoint Horizon Load Balancer Log collector Firewall Route r Load Balancer Service subnet RHEV Hey!… what about Neutron? OpenStack components: ● Cinder ● Glance ● Swift ● Horizon ● Keystone ● Cloud Controller ● Nova ● Neutron??? DNS/NTP Nova Compute + KVM + VRS MySQL RabbitMQ Migration
- 20. 4SDN
- 21. 4 - SDN: Motivation ● Security Team needs to enforce security at all deployment stages automatically. ● Programmability of network functions to automate deployments. ● Growth capabilities between data centers. ● It’s a good point to introduce SDN into the organization.
- 22. 4 - SDN: Why Nuage? ● Domain Templates. ● Users roles. ● Automation. ● Consumable via REST API. ● Openstack integration via neutron plugin. ● dVRS (Distributed Routing and Switching). ● Hypervisor agnostic solution.
- 23. 4 - SDN: Openstack integration ● Virtualized Services Platform (VSP): ○ Virtualized Services Directory (VSD). ○ Virtualized Services Controller (VSC). ○ Virtual Routing and Switching (VRS). ○ Virtualized Services Gateway (VSG). ● Neutron plugin. ● Basic vs. Advanced mode integration. ● Floating-IPs. ● Horizon customization.
- 24. 4 - SDN: Openstack integration. Firewall VSG Internet Data Cloud Controller Nova Compute DMZ VSC Management OpenStack Router Transit network VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin
- 25. 4 - SDN: Openstack integration (VSD). Firewall VSG Internet Data Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute REST API / WEB GUI ... Neutron Plugin Transit network
- 26. 4 - SDN: Openstack integration (VSD). Firewall VSG Internet Data XMPP Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin Transit network
- 27. 4 - SDN: Openstack integration (VSC). Firewall VSG Internet Data Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin Open Flow Transit network
- 28. 4 - SDN: Openstack integration (VSC). Firewall VSG Internet Data Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin MP-BGP Transit network
- 29. 4 - SDN: Openstack integration (VRS). Firewall VSG Internet Data Transit network Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin VXLAN
- 30. 4 - SDN: Openstack integration (VSG). Firewall VSG Internet Data Break out Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin VXLAN
- 31. 4 - SDN: Openstack integration (Plugin) Firewall VSG Internet Data Cloud Controller Nova Compute DMZ VSC Management OpenStack Router VSD Load Balancer + WAF VRS VRS Nova Compute ... Neutron Plugin REST API Transit network
- 32. 4 - SDN: Openstack integration (Custom)
- 33. 4 - SDN: Openstack integration (Custom)
- 34. 4 - SDN: Openstack integration (Custom)
- 35. 4 - SDN: Openstack integration (Custom)
- 36. 4 - SDN Security based on Nuage ● ACL and policies applied on different network levels. ● Service chaining.
- 37. 5Lesson Learned & Next Steps
- 38. 5 - Lessons learned. ● Internal process to be adapted to consume the Openstack services. ● Difficult to deploy with department silos, is better a “one-team” approach, multi disciplinar.
- 39. 5 - Next steps ● Icehouse > Juno or kilo ● Dockers ● Ceph ● ...
- 40. 5 - One Team, SecDevOps Crew ;) ● Alberto Morgante Medina (Security) ● Leticia García Martín (Security) ● Mariano Ruiz Muñoz (Storage) ● German Moya Olmedo (IT) ● Vicente Miranda Cagigas (IT) ● Alberto Martín (IT) ● Helena Cornic Giron (Networking) ● Cesar Martinez Segura (Networking) ● Enrique Garcia Pablos (Innovation) ● Karim Boumedhel (RedHat) ● Oscar Martin Vega (Nuage Networks) ● Francisco Alcantara Hernandez (Nuage Networks) ● Phillipe Jeurissen (Nuage Networks)
- 41. Thank you!
- 42. Full presentation in youtube: http://www.youtube.com/watch?v=PESWFDPbexs Summary keynote: http://www.youtube.com/watch?v=Pp2TiOKjWLY
Editor's Notes
- #21: .