SlideShare a Scribd company logo

Building a Scalable Federated Hybrid Cloud

P
PLUMgrid

This document discusses building a scalable federated hybrid cloud using a multi-cloud manager (MCM) architecture. Key points include: - MCM acts as a manager of multiple public and private clouds, providing global policy, configuration, monitoring, and billing capabilities across clouds. - The MCM is built as a web application on a PaaS to leverage existing scalable architectures and avoid reinventing solutions. This allows it to easily scale to millions of endpoints across hybrid cloud environments. - Authentication is handled externally via identity providers while the MCM programs clouds using admin accounts on trusted channels. Synchronization of configurations and templates enables active-active or active-standby cloud architectures for high availability and

Technology
1 of 36
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Building a Scalable Federated Hybrid Cloud Sunny Rajagopalan, Principal Architect sunnyr@plumgrid.com
So you have many clouds
How did you get here?, or Why are you trying to get here?  You don’t like having a social life.  You love complexity.  This is your idea of fun.  Or ….
Or, “Nobody builds a multi cloud for fun” USE CASES FOR THE MULTICLOUD
You have an app that only runs on a certain CMS
You needed more than one for disaster recovery
You’re trying to reduce costs Proprietary CMS
You’re trying to scale (and/or) you want a smaller blast radius
You want to offer geography based services Internet GSLB
You want non disruptive upgrades or maintenance Blue cloud better than white cloud, because or “reasons”…
You have many “things” in your IoT Private Cloud IoT Cloud
How did I get here?, or Why am I trying to get here?  Shucks man, its all on the earlier slides.
Or, how to keep sane at scale MANAGING YOUR CLOUDS
Cloud Management Aspects Status/Monitoring/Trouble shooting Inventory Management Global Policy and Configuration Metering and Billing Event based Cloud Migration
Templates MultiCloud Manager
How to do the magic MULTICLOUD MANAGER ARCHITECTURE
Why not use an existing controller?  Scale to millions, maybe billions of endpoints.  Be able to manage hybrid clouds, or even things that don’t “look” like clouds.
How not to screw this up  Be a manager, not a micromanager.  Make the clouds do the heavy lifting.  For example – *don’t* go to MCM to validate Keystone tokens.  Support multiple backends through a pluggable architecture. OS “just another backend”.
Let’s make a controller!  We’ll spend the next two years making the platform.  Another two making it highly available.  And another two years making it scale. Today Six years of working on a controller So let’s not.
Does such a unicorn exist?  Well, yes!  You use them every day.  They scale to millions of users and billions of transactions.  Yes, we’re talking about web applications.  They load balance, auto scale, can be distributed geographically and still play nice.  Plus, you can build one in just a few weeks.
An experiment  Write the MCM as a web application.  Don’t worry about “platform”.  There’s no need to solve every distributed computing problem already solved.  Just use a PaaS.
Which PaaS
Which PaaS  Any PaaS would do, we used google app engine APIs powered by opensource AppScale.  This lets us deploy MCM inside a customer’s private cloud of any flavor.  This architecture also lets us offer a hosted service running “in the cloud” for MCM.
Multi Cloud Manager Architecture PaaS Webapp2 framework MCM top half MCM bottom half OS plugin Physical Router plugin IoT plugi n AWS plugi n Swagger RESTful API, json in/out Outside World Schedule right bottom half DB acces ses using PaaS API
MCM Platform Features  Supports load based auto scaling.  Distributed database backend (big table, cassandra).  Memcache for fast access of database contents.  Web based interface for viewing and monitoring database contents.  Channels allow MCM to send real time messages to clients without polling.  Etc., etc.
MCM interaction model Bottom Half Top Half MCM ODL ODL PLUMgrid BGP IPSec PLUMgrid
How to protect your cluster from Godzilla  Make two or more.  Using MCM templates, synchronize your config for keystone, nova, glance, neutron, etc.  Application data is persisted by their databases doing remote sync. Why?  Too much work for MCM, and we have a less-is-more approach.
A/A or A/S clouds VM images, user accounts, compute, storage and networking config DB MCM Top Half MCM Bottom Half App DB App DB • FM takes care of persisting configs and images. • Apps are responsible for syncing run- time databases.
A/A or A/S clouds VM images, user accounts, compute, storage and networking config DB FM Top Half FM Bottom Half App DB App DB
A/A or A/S clouds VM images, user accounts, compute, storage and networking config DB MCM Top Half MCM Bottom Half App DB • Keystone data, glance images etc were already synced by FM. • App’s database had been setup to do remote replication. • No impact on your keystone, swift, etc architecture or backends. • The switch from one active zone to another can be done using a GSLB or LB.
How to do authentication and authorization IDENTITY MANAGEMENT
This is very boring  Basically, the authentication and authorization is done “at the periphery” of the system, and MCM programs the clouds using admin accounts on trusted/encrypted channels.  MCM can use an external IdP (like oauth, saml, ldap etc).
Server Creation MCM Keystone Nova PG/ networking 1. Create server IdP (local or external) 2. get user & group Assignment Authorization Policy 3. get role, VDs, tenant, etc. 4. check policy for (operation, role) 5. Create server using token 5’. If token has expired, reauthenticate Bottom Half Neutron 6. Check token 7. Create port using svc user token 8. Create port using svc user token (keystone or PG?)
2011-2015 © PLUMgrid - Confidential Information That probably wasn’t very clear Just come talk to me later
Proof this works DEMO
www.plumgrid.com Thank you!

More Related Content

PPTX
Nested CloudStack with VMware
ShapeBlue
 
PPTX
Cumulus Networks Overview
Adam Lorts
 
PDF
Application Delivery Platform Towards Edge Computing - Bukhary Ikhwan
OpenNebula Project
 
PDF
Cumulus-Networks-Customers-1pager-3 (1)
Adam Lorts
 
PPTX
Secret Techniques to Manage Apache Cloudstack with ActOnCloud
Madan Ganesh Velayudham
 
PDF
Cloud Networking is not Virtual Networking - London VMUG 20130425
Greg Ferro
 
PPTX
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
PLUMgrid
 
PDF
How we built Packet's bare metal cloud platform
Packet
 
Nested CloudStack with VMware
ShapeBlue
 
Cumulus Networks Overview
Adam Lorts
 
Application Delivery Platform Towards Edge Computing - Bukhary Ikhwan
OpenNebula Project
 
Cumulus-Networks-Customers-1pager-3 (1)
Adam Lorts
 
Secret Techniques to Manage Apache Cloudstack with ActOnCloud
Madan Ganesh Velayudham
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Greg Ferro
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
PLUMgrid
 
How we built Packet's bare metal cloud platform
Packet
 

What's hot (20)

PPTX
CloudStack Meetup - Introduction
Madan Ganesh Velayudham
 
PPTX
CompTIA Cloud Plus Certification Bootcamp June 2017
Joseph Holbrook, Chief Learning Officer (CLO)
 
PPTX
You Can Build Your OpenStack and Consume it Too
PLUMgrid
 
PPTX
CloudStack networking
ShapeBlue
 
PPTX
Cloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
Cloudify Community
 
PPTX
Monitoring Security Policies for Container and OpenStack Clouds
PLUMgrid
 
PPTX
OpenStack Telco Cloud Challenges, David Fick, Oracle
Sriram Subramanian
 
PDF
Let's Talk about Packet
Packet
 
PDF
Container Networking
Open Networking Summit
 
PPTX
Hands-on Lab: Test Drive Your OpenStack Network
PLUMgrid
 
PDF
Open stack in action enovance - cloudwatt - european ambitions for openstack
eNovance
 
PDF
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
DevOps.com
 
PPTX
Intro to Environment as a Service - Cloudify 5.0.5 Webinar
Cloudify Community
 
PDF
Running OpenShift Clusters in a Cloudstack Environment
ShapeBlue
 
PDF
ProductX2014 Tom thirer. mellanox
Product Excellence
 
PPTX
Delivering Composable NFV Services for Business, Residential and Mobile Edge
PLUMgrid
 
PDF
Multi-Cloud Orchestration for Kubernetes with Cloudify
Cloudify Community
 
PPTX
Why nfv and digital transformation projects fail!
Cloudify Community
 
PDF
Cloud Application Blueprints with Apache Brooklyn by Alex Henevald
buildacloud
 
PDF
Atf 3 q15-1 - introduction
Mason Mei
 
CloudStack Meetup - Introduction
Madan Ganesh Velayudham
 
CompTIA Cloud Plus Certification Bootcamp June 2017
Joseph Holbrook, Chief Learning Officer (CLO)
 
You Can Build Your OpenStack and Consume it Too
PLUMgrid
 
CloudStack networking
ShapeBlue
 
Cloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
Cloudify Community
 
Monitoring Security Policies for Container and OpenStack Clouds
PLUMgrid
 
OpenStack Telco Cloud Challenges, David Fick, Oracle
Sriram Subramanian
 
Let's Talk about Packet
Packet
 
Container Networking
Open Networking Summit
 
Hands-on Lab: Test Drive Your OpenStack Network
PLUMgrid
 
Open stack in action enovance - cloudwatt - european ambitions for openstack
eNovance
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
DevOps.com
 
Intro to Environment as a Service - Cloudify 5.0.5 Webinar
Cloudify Community
 
Running OpenShift Clusters in a Cloudstack Environment
ShapeBlue
 
ProductX2014 Tom thirer. mellanox
Product Excellence
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
PLUMgrid
 
Multi-Cloud Orchestration for Kubernetes with Cloudify
Cloudify Community
 
Why nfv and digital transformation projects fail!
Cloudify Community
 
Cloud Application Blueprints with Apache Brooklyn by Alex Henevald
buildacloud
 
Atf 3 q15-1 - introduction
Mason Mei
 
Ad

Viewers also liked (18)

PPTX
You Can Build Your OpenStack and Consume it Too
PLUMgrid
 
PDF
How to grow a vegetable garden
natalie_0302
 
PPTX
Q1 - evaluation
jjsmaje
 
PPTX
Método de proyecto para la educación en tecnología
David Ruiz
 
PPTX
Testing the limits of cloud networks
PLUMgrid
 
PPTX
ERA_Overview
Mirela Primorac - Computer Recycling Canada
 
PPTX
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
PLUMgrid
 
PDF
Capstone Presentation _ NND
Nisel Desai
 
PPT
See Your OpenStack Network Like Never Before
PLUMgrid
 
DOCX
Tiffanie Pierce Vitae
Tiffanie Pierce
 
PPT
Communicable disease
frattelo
 
PDF
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
PLUMgrid
 
PPTX
Federation manager demo
PLUMgrid
 
PPTX
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
PLUMgrid
 
PPTX
Docker Networking in OpenStack: What you need to know now
PLUMgrid
 
PPTX
8051 serialp port
Teju Kotti
 
PPT
Communicable disease
frattelo
 
PPTX
Design and Deploy Secure Clouds for Financial Services Use Cases
PLUMgrid
 
You Can Build Your OpenStack and Consume it Too
PLUMgrid
 
How to grow a vegetable garden
natalie_0302
 
Q1 - evaluation
jjsmaje
 
Método de proyecto para la educación en tecnología
David Ruiz
 
Testing the limits of cloud networks
PLUMgrid
 
ERA_Overview
Mirela Primorac - Computer Recycling Canada
 
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
PLUMgrid
 
Capstone Presentation _ NND
Nisel Desai
 
See Your OpenStack Network Like Never Before
PLUMgrid
 
Tiffanie Pierce Vitae
Tiffanie Pierce
 
Communicable disease
frattelo
 
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
PLUMgrid
 
Federation manager demo
PLUMgrid
 
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
PLUMgrid
 
Docker Networking in OpenStack: What you need to know now
PLUMgrid
 
8051 serialp port
Teju Kotti
 
Communicable disease
frattelo
 
Design and Deploy Secure Clouds for Financial Services Use Cases
PLUMgrid
 
Ad

Similar to Building a Scalable Federated Hybrid Cloud (20)

PPTX
Building a Hybrid Cloud The Real Deal
RightScale
 
PDF
Modern Software Architecture - Cloud Scale Computing
Giragadurai Vallirajan
 
PPTX
Kubernetes solutions
Eric Cattoir
 
PPT
The Enterprise Cloud
Mark Masterson
 
PPTX
2014-09-15 cloud platform master class
Citrix
 
PPTX
Is Private Cloud Right for Your Organization?
ServiceMesh
 
PPT
Cloud models and platforms
purplesea
 
PPTX
Architecting Multi-Cloud Environments
RightScale
 
PDF
Simplifying Cloud Implementation
Morphlabs
 
PPTX
How to Think Multi-Cloud
RightScale
 
PPTX
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
buildacloud
 
PPTX
Unit -3-Cloud.pptx
SuprithaRavishankar
 
PPTX
Cloud Computing.pptx
NikitaOG
 
PPTX
Private cloud
Browne & Mohan
 
PPTX
An Introduction to Cloud Computing (2009)
Robert Grossman
 
PDF
OSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
OpenNebula Project
 
PDF
Building a multi-tenant cloud service from legacy code with Docker containers
aslomibm
 
PPTX
Multi Cloud Architecture Approach
Maganathin Veeraragaloo
 
PPTX
Cloud computing
Priyadarshini Dasarathan
 
PDF
Micro service, Containers & Cluster Management
Vasu Thiyagarajan
 
Building a Hybrid Cloud The Real Deal
RightScale
 
Modern Software Architecture - Cloud Scale Computing
Giragadurai Vallirajan
 
Kubernetes solutions
Eric Cattoir
 
The Enterprise Cloud
Mark Masterson
 
2014-09-15 cloud platform master class
Citrix
 
Is Private Cloud Right for Your Organization?
ServiceMesh
 
Cloud models and platforms
purplesea
 
Architecting Multi-Cloud Environments
RightScale
 
Simplifying Cloud Implementation
Morphlabs
 
How to Think Multi-Cloud
RightScale
 
Introduction: Build infrastucture-as-a-service Clouds with Apache CloudStack
buildacloud
 
Unit -3-Cloud.pptx
SuprithaRavishankar
 
Cloud Computing.pptx
NikitaOG
 
Private cloud
Browne & Mohan
 
An Introduction to Cloud Computing (2009)
Robert Grossman
 
OSDC 2012 - OpenNebula: Open-source Solution for Data Center Virtualization
OpenNebula Project
 
Building a multi-tenant cloud service from legacy code with Docker containers
aslomibm
 
Multi Cloud Architecture Approach
Maganathin Veeraragaloo
 
Cloud computing
Priyadarshini Dasarathan
 
Micro service, Containers & Cluster Management
Vasu Thiyagarajan
 

More from PLUMgrid (12)

PPTX
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
PLUMgrid
 
PPTX
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
PLUMgrid
 
PPTX
Service Discovery and Registration in a Microservices Architecture
PLUMgrid
 
PDF
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
PLUMgrid
 
PPTX
Implementing vCPE with OpenStack and Software Defined Networks
PLUMgrid
 
PPTX
Securing Micro Services in Cloud Foundry
PLUMgrid
 
PDF
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
PLUMgrid
 
PDF
Unified Underlay and Overlay SDNs for OpenStack Clouds
PLUMgrid
 
PPTX
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
PLUMgrid
 
PDF
EBPF and Linux Networking
PLUMgrid
 
PPTX
Network Monitoring and Analytics
PLUMgrid
 
PPTX
Navigating OpenStack Networking
PLUMgrid
 
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
PLUMgrid
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
PLUMgrid
 
Service Discovery and Registration in a Microservices Architecture
PLUMgrid
 
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
PLUMgrid
 
Implementing vCPE with OpenStack and Software Defined Networks
PLUMgrid
 
Securing Micro Services in Cloud Foundry
PLUMgrid
 
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
PLUMgrid
 
Unified Underlay and Overlay SDNs for OpenStack Clouds
PLUMgrid
 
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
PLUMgrid
 
EBPF and Linux Networking
PLUMgrid
 
Network Monitoring and Analytics
PLUMgrid
 
Navigating OpenStack Networking
PLUMgrid
 

Recently uploaded (20)

PDF
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
KodekX | Application Modernization Development
KodekX
 
Teaching material agriculture food technology
LiaRayya
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
athlonica
 
Cloud computing and distributed systems.
kkkkkhan
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 

Building a Scalable Federated Hybrid Cloud

  • 1. Building a Scalable Federated Hybrid Cloud Sunny Rajagopalan, Principal Architect sunnyr@plumgrid.com
  • 2. So you have many clouds
  • 3. How did you get here?, or Why are you trying to get here?  You don’t like having a social life.  You love complexity.  This is your idea of fun.  Or ….
  • 4. Or, “Nobody builds a multi cloud for fun” USE CASES FOR THE MULTICLOUD
  • 5. You have an app that only runs on a certain CMS
  • 6. You needed more than one for disaster recovery
  • 7. You’re trying to reduce costs Proprietary CMS
  • 8. You’re trying to scale (and/or) you want a smaller blast radius
  • 9. You want to offer geography based services Internet GSLB
  • 10. You want non disruptive upgrades or maintenance Blue cloud better than white cloud, because or “reasons”…
  • 11. You have many “things” in your IoT Private Cloud IoT Cloud
  • 12. How did I get here?, or Why am I trying to get here?  Shucks man, its all on the earlier slides.
  • 13. Or, how to keep sane at scale MANAGING YOUR CLOUDS
  • 14. Cloud Management Aspects Status/Monitoring/Trouble shooting Inventory Management Global Policy and Configuration Metering and Billing Event based Cloud Migration
  • 16. How to do the magic MULTICLOUD MANAGER ARCHITECTURE
  • 17. Why not use an existing controller?  Scale to millions, maybe billions of endpoints.  Be able to manage hybrid clouds, or even things that don’t “look” like clouds.
  • 18. How not to screw this up  Be a manager, not a micromanager.  Make the clouds do the heavy lifting.  For example – *don’t* go to MCM to validate Keystone tokens.  Support multiple backends through a pluggable architecture. OS “just another backend”.
  • 19. Let’s make a controller!  We’ll spend the next two years making the platform.  Another two making it highly available.  And another two years making it scale. Today Six years of working on a controller So let’s not.
  • 20. Does such a unicorn exist?  Well, yes!  You use them every day.  They scale to millions of users and billions of transactions.  Yes, we’re talking about web applications.  They load balance, auto scale, can be distributed geographically and still play nice.  Plus, you can build one in just a few weeks.
  • 21. An experiment  Write the MCM as a web application.  Don’t worry about “platform”.  There’s no need to solve every distributed computing problem already solved.  Just use a PaaS.
  • 23. Which PaaS  Any PaaS would do, we used google app engine APIs powered by opensource AppScale.  This lets us deploy MCM inside a customer’s private cloud of any flavor.  This architecture also lets us offer a hosted service running “in the cloud” for MCM.
  • 24. Multi Cloud Manager Architecture PaaS Webapp2 framework MCM top half MCM bottom half OS plugin Physical Router plugin IoT plugi n AWS plugi n Swagger RESTful API, json in/out Outside World Schedule right bottom half DB acces ses using PaaS API
  • 25. MCM Platform Features  Supports load based auto scaling.  Distributed database backend (big table, cassandra).  Memcache for fast access of database contents.  Web based interface for viewing and monitoring database contents.  Channels allow MCM to send real time messages to clients without polling.  Etc., etc.
  • 26. MCM interaction model Bottom Half Top Half MCM ODL ODL PLUMgrid BGP IPSec PLUMgrid
  • 27. How to protect your cluster from Godzilla  Make two or more.  Using MCM templates, synchronize your config for keystone, nova, glance, neutron, etc.  Application data is persisted by their databases doing remote sync. Why?  Too much work for MCM, and we have a less-is-more approach.
  • 28. A/A or A/S clouds VM images, user accounts, compute, storage and networking config DB MCM Top Half MCM Bottom Half App DB App DB • FM takes care of persisting configs and images. • Apps are responsible for syncing run- time databases.
  • 29. A/A or A/S clouds VM images, user accounts, compute, storage and networking config DB FM Top Half FM Bottom Half App DB App DB
  • 30. A/A or A/S clouds VM images, user accounts, compute, storage and networking config DB MCM Top Half MCM Bottom Half App DB • Keystone data, glance images etc were already synced by FM. • App’s database had been setup to do remote replication. • No impact on your keystone, swift, etc architecture or backends. • The switch from one active zone to another can be done using a GSLB or LB.
  • 31. How to do authentication and authorization IDENTITY MANAGEMENT
  • 32. This is very boring  Basically, the authentication and authorization is done “at the periphery” of the system, and MCM programs the clouds using admin accounts on trusted/encrypted channels.  MCM can use an external IdP (like oauth, saml, ldap etc).
  • 33. Server Creation MCM Keystone Nova PG/ networking 1. Create server IdP (local or external) 2. get user & group Assignment Authorization Policy 3. get role, VDs, tenant, etc. 4. check policy for (operation, role) 5. Create server using token 5’. If token has expired, reauthenticate Bottom Half Neutron 6. Check token 7. Create port using svc user token 8. Create port using svc user token (keystone or PG?)
  • 34. 2011-2015 © PLUMgrid - Confidential Information That probably wasn’t very clear Just come talk to me later