Slide 1: Securing Openstack with ISM and delivering high-performance storage
Christoph Dwertmann (CTO)
OPENSTACK AUSTRALIA DAY 2016
Slide 2: Who we are
● Community Cloud for Australian federal, state and local government agencies and their partners
● Founded 5 years ago
● Runs customized version of Openstack on Ubuntu
● Completed IRAP assessment to UNCLASSIFIED in 2015
● Listed on ASD’s Certified Cloud Services List (CCSL)
● Provide ISM-compliant cloud SOE to customers
● PROTECTED coming soon, SECRET in development
● Offices & Data Centre Presence in Canberra and Sydney
Slide 3: Our technology
● High density Intel XEON compute platform with converged storage
● 512GB RAM per host
● Mellanox 100Gbps networking
● Pure NVMe Ceph cluster as main storage backend
● Cinder/LVM flash storage for best IOPS performance
● Multi-region Swift cluster on spinning disks (10TB/disk) with 3x replication across different data centres
● Secure Internet Gateway with multiple redundant ISP connections (ICON connectivity coming soon)
Slide 4: ASD Information Security Manual
● Issued annually by the Australian Signals Directorate (ASD)
● Objective is to assist Australian government agencies in applying a risk-based approach to protecting their information and systems
● 938 controls (2016) designed to mitigate the most likely threats to Australian government agencies
Slide 5: ISM coverage
information security documentation
personnel security
cyber security incidents
media security
roles and responsibilities
physical security
information security monitoring
communications security
email security
cryptography
working off-site
Slide 6: The ISM and Vault
● Vault’s cloud must comply with all ISM controls to pass IRAP assessment (completed in 2015)
● Vault must ensure compliance is maintained and new controls are applied
● We offer customers a compliant environment, greatly reducing their own compliance requirements
● The customer is responsible for ensuring compliance when modifying Vault’s SOE
Slide 7: ISM and Cloud
● ISM slowly adopts some cloud-friendly controls
  ○ e.g. Controls 1460-1463: Functional separation between server-side computing environments
● Some controls are difficult: e.g. email security
  ○ May be easier to not use email at all
● Evaluated Product List -> a lot of outdated HW/SW
● Openstack from source allows us to meet ISM requirements: no distro Openstack is secure enough
Slide 8: ISM and Cloud
Some controls may not apply:
Slide 9: ISM and Cloud
Some controls are not cloud-friendly:
Slide 10: Example: Media Security
● Cinder/LVM directly maps block storage to the customer VM
● Cinder supports block device sanitization: shred from the coreutils package overwrites the LVM block device with a random pattern (3x on Openstack)
cinder.conf:
# Method used to wipe old volumes (string value)
volume_clear=shred
Slide 11: Can we RMA a faulty drive?
NO when sanitization fails and the data on the drive is classified
Slide 12: Can we RMA a faulty drive?
Reclassifying disks through successful sanitization:
Slide 13: Can we RMA a faulty drive?
Reclassifying drives through data at rest encryption:
● Self-encrypting disks: simply change the encryption key (as long as the drive is still accessible)
● dm-crypt: Linux-based disk encryption
● Swift object encryption (new feature in Openstack Newton)
Still need to sanitize the disks!
Slide 14: Can we RMA a faulty drive?
YES if the drive was reclassified to Unclassified through sanitization, or through encryption and sanitization, and a formal administrative decision is made to release the unclassified media, or its waste, into the public domain
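The wipe and release checks behind slides 10 to 14, as an added Python example that is not from the slides, from Vault Systems or from Cinder: it reads volume_clear from a constructed cinder.conf fragment, applies a shred-style three-pass random overwrite to a file that stands in for the LVM volume, verifies that the overwrite reached every block, and only then applies the release rule. The volume file name, the plaintext and the cinder.conf text are constructed for the demo.

```python
"""Added example, not from the slides or from Vault Systems / Cinder code.
Slides 10 to 14 as checks: does cinder.conf request an overwriting wipe, did
it reach every block, and may the drive then be released for RMA? A file
stands in for the LVM block device so the script runs offline."""
import configparser
import hashlib
import math
import os
import tempfile
from collections import Counter

BLOCK = 4096                          # LVM volumes are whole multiples of this
ACCEPTABLE_CLEAR = {"zero", "shred"}  # 'none' skips the wipe entirely

# Constructed cinder.conf fragment; volume_clear=shred is the setting on slide 10.
CINDER_CONF = """
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_clear = shred
"""

def wipe_is_configured(conf_text):
    """True only if every backend that sets volume_clear overwrites the whole
    device. volume_clear_size > 0 limits the wipe to the first N MiB and leaves
    the rest of the volume at its original classification."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    found = False
    for section in cp.sections():
        if not cp.has_option(section, "volume_clear"):
            continue
        method = cp.get(section, "volume_clear").strip()
        size = cp.getint(section, "volume_clear_size", fallback=0)
        if method not in ACCEPTABLE_CLEAR or size != 0:
            return False
        found = True
    return found

def shred_like_overwrite(path, passes=3):
    """Overwrite every byte `passes` times with random data, fsyncing each pass
    (what shred -n 3 does to the LVM device). Returns bytes written per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                chunk = os.urandom(min(BLOCK, remaining))
                f.write(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())
    return size

def entropy_bits_per_byte(data):
    # Shannon entropy of one block: random data scores near 8, text well below.
    counts, n = Counter(data), len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def verify_sanitized(path, plaintext_digest, min_entropy=7.0):
    """Read the device back: its SHA-256 must differ from the pre-wipe content
    and every block must look random. One low-entropy block means the overwrite
    did not reach it (e.g. an I/O error on a failing drive), so the data keeps
    its classification and the drive must not leave."""
    digest = hashlib.sha256()
    low_entropy_blocks = []
    with open(path, "rb") as f:
        for idx, block in enumerate(iter(lambda: f.read(BLOCK), b"")):
            digest.update(block)
            if entropy_bits_per_byte(block) < min_entropy:
                low_entropy_blocks.append(idx)
    return digest.hexdigest() != plaintext_digest and not low_entropy_blocks

def may_release_for_rma(sanitization_verified, formal_release_decision):
    """Slides 11 to 14 as a rule: release only after verified sanitization
    (encryption alone does not remove that need) and a formal decision."""
    return bool(sanitization_verified and formal_release_decision)

def run_demo():
    """Constructed scenario: a 64 KiB file holds repeated classified text."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        vol = os.path.join(d, "volume-example.img")  # hypothetical volume name
        plaintext = (b"PROTECTED customer record " * 3000)[:16 * BLOCK]
        with open(vol, "wb") as f:
            f.write(plaintext)
        original = hashlib.sha256(plaintext).hexdigest()
        results["before_wipe"] = verify_sanitized(vol, original)
        shred_like_overwrite(vol)
        results["after_wipe"] = verify_sanitized(vol, original)
        # Simulate a wipe that silently skipped block 5: plaintext survives there.
        with open(vol, "r+b") as f:
            f.seek(5 * BLOCK)
            f.write(plaintext[5 * BLOCK:6 * BLOCK])
        results["after_partial_failure"] = verify_sanitized(vol, original)
    return results

if __name__ == "__main__":
    print(wipe_is_configured(CINDER_CONF), run_demo())
```

On a real host the path would be the LVM device itself, which is what shred overwrites; overwriting is not a complete sanitization for flash media with over-provisioned or remapped blocks, so the verification only covers what the host can read back.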
Slide 15: ISM conclusion
● A bit of work to implement
● Ongoing work to keep up with latest controls
● Not always cloud-friendly
● Some creative ideas required to solve tricky controls
● Discussions with IRAP assessor can help
● Best practice for IT security
● Agencies: Vault Systems did most of the work for you!
Slide 16: CEPH
Slide 17: What is Ceph?
● Free software storage platform
● In development since 2007 (Openstack: 2010)
● Implements Object, Block and File storage
● Runs on commodity hardware
● Fault-tolerant, self-healing, self-managing
● Block supports snapshots, striping, native integration with KVM and Linux
● 6 month release cycle
Slide 18: Ceph Architecture
Slide 19: OSD Data Flow
Slide 20: Cinder Driver Adoption
Slide 21: Why are we using Ceph?
● We like Open Source
● We don’t like to depend on a single vendor for support, RMA and upgrades
● Openstack integration second to none (cinder-volume, cinder-backup, nova, keystone, swift alternative)
● Mature, large online community, active development
● Versatile (Block, Object, Network FS)
● Distributed (no downtime on upgrades)
● Supports copy-on-write for fast instance creation
Slide 22: How we deploy Ceph
● 3 Monitors (8 Cores, 64GB RAM, Intel P3700 NVMe 400GB for LevelDB) - overspec’d
● 4 OSDs (16 Cores, 64GB RAM, 10x Intel P3600 NVMe 2TB)
● Total cluster size 74 TB, two replicas
● 20Gbit bonded NIC (xmit_hash_policy=layer3+4)
● https://github.com/ceph/ceph-ansible to automatically configure the hosts and deploy ceph
● fio with AIO plugin (KVM) and RBD plugin (bare metal) for benchmarking
Slide 23: Performance observations
● Sequential R/W 1MB: saturates 20 Gbps port bandwidth on all four OSDs, total 7.5GB/s
● Random read 4K: >500K IOPS measured from bare metal nodes
  ○ Could be improved by running more than one OSD per disk
● Max 50K IOPS on a single KVM with jemalloc due to librbd memory allocation performance (35K with malloc)
● Latency 1ms; Cinder/LVM beats it (0.6ms)
Slide 24: Future work on Ceph
● Patch ceph-ansible to support more than one OSD per disk (2 for SSD, 4 for NVMe)
● Move to converged compute/storage architecture
● Use RDMA in latest Ceph release to improve latency / IOPS
● Deploy Ceph Bluestore when it’s ready for production
Slide 25: Credits
● Slide 8: http://www.theradiohistorian.org/
● Slide 19: Jian Zhang (Intel)
● Slide 20: Sage Weil (Red Hat)
● Slide 24: http://cryptid-creations.deviantart.com/art/Daily-Paint-986-Octopus-vs-Cookie-Jar-OA-551061037
Slide 26: Questions?
vaultsystems.com.au
christoph.dwertmann@vaultsystems.com.au

More Related Content

What's hot

Openstack devops challenges
Openstack devops challenges Openstack devops challenges
Openstack devops challenges
openstackindia
 
VIO30 Technical Overview
VIO30 Technical OverviewVIO30 Technical Overview
VIO30 Technical Overview
Julienne Pham
 

What's hot (20)

Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStackContainers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
Containers and OpenStack: Marc Van Hoof, Kumulus: Containers and OpenStack
 
Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...Push-button Composition of Oracle Application and Database Environments: Avi ...
Push-button Composition of Oracle Application and Database Environments: Avi ...
 
Deploying OpenStack with Ansible
Deploying OpenStack with AnsibleDeploying OpenStack with Ansible
Deploying OpenStack with Ansible
 
Simple flexible deployments with openstack ansible
Simple flexible deployments with openstack ansibleSimple flexible deployments with openstack ansible
Simple flexible deployments with openstack ansible
 
[OpenStack Day in Korea 2015] Track 2-6 - Apache Tajo on Swift
[OpenStack Day in Korea 2015] Track 2-6 - Apache Tajo on Swift[OpenStack Day in Korea 2015] Track 2-6 - Apache Tajo on Swift
[OpenStack Day in Korea 2015] Track 2-6 - Apache Tajo on Swift
 
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, BrocadeThe OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
The OpenStack Tacker Project and SDN/NFV MANO: Craig Stevens, Brocade
 
[OpenStack Day in Korea 2015] Track 2-2 - OpenStack for PaaS: Why it's Hot
[OpenStack Day in Korea 2015] Track 2-2 - OpenStack for PaaS: Why it's Hot[OpenStack Day in Korea 2015] Track 2-2 - OpenStack for PaaS: Why it's Hot
[OpenStack Day in Korea 2015] Track 2-2 - OpenStack for PaaS: Why it's Hot
 
Moving to Cloud for Good: Alexander Tsirel, HiveTec
Moving to Cloud for Good: Alexander Tsirel, HiveTecMoving to Cloud for Good: Alexander Tsirel, HiveTec
Moving to Cloud for Good: Alexander Tsirel, HiveTec
 
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
OpenStack QA Tooling & How to use it for Production Cloud Testing | Ghanshyam...
 
Openstack devops challenges
Openstack devops challenges Openstack devops challenges
Openstack devops challenges
 
Building a Microsoft cloud with open technologies
Building a Microsoft cloud with open technologiesBuilding a Microsoft cloud with open technologies
Building a Microsoft cloud with open technologies
 
OpenStack-Ansible Project Update
OpenStack-Ansible Project UpdateOpenStack-Ansible Project Update
OpenStack-Ansible Project Update
 
Meetup 23 - 01 - The things I wish I would have known before doing OpenStack ...
Meetup 23 - 01 - The things I wish I would have known before doing OpenStack ...Meetup 23 - 01 - The things I wish I would have known before doing OpenStack ...
Meetup 23 - 01 - The things I wish I would have known before doing OpenStack ...
 
OpenStack-Ansible Security
OpenStack-Ansible SecurityOpenStack-Ansible Security
OpenStack-Ansible Security
 
Unrevealed Story Behind Viettel Network Cloud Hotpot | Đặng Văn Đại, Hà Mạnh ...
Unrevealed Story Behind Viettel Network Cloud Hotpot | Đặng Văn Đại, Hà Mạnh ...Unrevealed Story Behind Viettel Network Cloud Hotpot | Đặng Văn Đại, Hà Mạnh ...
Unrevealed Story Behind Viettel Network Cloud Hotpot | Đặng Văn Đại, Hà Mạnh ...
 
Applying OpenStack at iNET use case
Applying OpenStack at iNET use caseApplying OpenStack at iNET use case
Applying OpenStack at iNET use case
 
VIO30 Technical Overview
VIO30 Technical OverviewVIO30 Technical Overview
VIO30 Technical Overview
 
Wido den hollander cloud stack and ceph
Wido den hollander   cloud stack and cephWido den hollander   cloud stack and ceph
Wido den hollander cloud stack and ceph
 
Success With OpenStack in Production - Frank Weyns - Openstack Day Israel 2016
Success With OpenStack in Production - Frank Weyns - Openstack Day Israel 2016Success With OpenStack in Production - Frank Weyns - Openstack Day Israel 2016
Success With OpenStack in Production - Frank Weyns - Openstack Day Israel 2016
 
OPNFV & OpenStack
OPNFV & OpenStackOPNFV & OpenStack
OPNFV & OpenStack
 

Viewers also liked

The Environment for Innovation: Tristan Goode, Aptira
The Environment for Innovation: Tristan Goode, AptiraThe Environment for Innovation: Tristan Goode, Aptira
The Environment for Innovation: Tristan Goode, Aptira
OpenStack
 
From Community to Enterprise and Back Again! Chris Wright, Red Hat
From Community to Enterprise and Back Again! Chris Wright, Red HatFrom Community to Enterprise and Back Again! Chris Wright, Red Hat
From Community to Enterprise and Back Again! Chris Wright, Red Hat
OpenStack
 

Viewers also liked (12)

Big Data and OpenStack, a Love Story: Michael Still, Rackspace
Big Data and OpenStack, a Love Story: Michael Still, RackspaceBig Data and OpenStack, a Love Story: Michael Still, Rackspace
Big Data and OpenStack, a Love Story: Michael Still, Rackspace
 
An Open Approach to Government Cloud: Dez Blanchfield, Vault Systems
An Open Approach to Government Cloud: Dez Blanchfield, Vault SystemsAn Open Approach to Government Cloud: Dez Blanchfield, Vault Systems
An Open Approach to Government Cloud: Dez Blanchfield, Vault Systems
 
Crowbar and OpenStack: Steve Kowalik, SUSE
Crowbar and OpenStack: Steve Kowalik, SUSECrowbar and OpenStack: Steve Kowalik, SUSE
Crowbar and OpenStack: Steve Kowalik, SUSE
 
Implementing OpenStack in a Government Environment: Vanessa Binding, Departme...
Implementing OpenStack in a Government Environment: Vanessa Binding, Departme...Implementing OpenStack in a Government Environment: Vanessa Binding, Departme...
Implementing OpenStack in a Government Environment: Vanessa Binding, Departme...
 
The Environment for Innovation: Tristan Goode, Aptira
The Environment for Innovation: Tristan Goode, AptiraThe Environment for Innovation: Tristan Goode, Aptira
The Environment for Innovation: Tristan Goode, Aptira
 
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack FoundationWe Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
We Are OpenStack: David F. Flanders & Tom Fifield, OpenStack Foundation
 
The 'Untold' OpenStack Enterprise Customer Stories: Anthony Rees & Alex Tesch...
The 'Untold' OpenStack Enterprise Customer Stories: Anthony Rees & Alex Tesch...The 'Untold' OpenStack Enterprise Customer Stories: Anthony Rees & Alex Tesch...
The 'Untold' OpenStack Enterprise Customer Stories: Anthony Rees & Alex Tesch...
 
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red HatMultiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
Multiple Sites and Disaster Recovery with Ceph: Andrew Hatfield, Red Hat
 
OpenStack Australia Day 2016 - Peter Lees, SUSE: Planning an Enterprise OpenS...
OpenStack Australia Day 2016 - Peter Lees, SUSE: Planning an Enterprise OpenS...OpenStack Australia Day 2016 - Peter Lees, SUSE: Planning an Enterprise OpenS...
OpenStack Australia Day 2016 - Peter Lees, SUSE: Planning an Enterprise OpenS...
 
From Community to Enterprise and Back Again! Chris Wright, Red Hat
From Community to Enterprise and Back Again! Chris Wright, Red HatFrom Community to Enterprise and Back Again! Chris Wright, Red Hat
From Community to Enterprise and Back Again! Chris Wright, Red Hat
 
We Are OpenStack: Jonathan Bryce, OpenStack Foundation
We Are OpenStack: Jonathan Bryce, OpenStack FoundationWe Are OpenStack: Jonathan Bryce, OpenStack Foundation
We Are OpenStack: Jonathan Bryce, OpenStack Foundation
 
Using OpenStack to Accelerate New Product Development: Rik Harris, Telstra
Using OpenStack to Accelerate New Product Development: Rik Harris, TelstraUsing OpenStack to Accelerate New Product Development: Rik Harris, Telstra
Using OpenStack to Accelerate New Product Development: Rik Harris, Telstra
 

Similar to How to deliver High Performance OpenStack Cloud: Christoph Dwertmann, Vault Systems

Ceph storage for ocp deploying and managing ceph on top of open shift conta...
Ceph storage for ocp   deploying and managing ceph on top of open shift conta...Ceph storage for ocp   deploying and managing ceph on top of open shift conta...
Ceph storage for ocp deploying and managing ceph on top of open shift conta...
OrFriedmann
 

Similar to How to deliver High Performance OpenStack Cloud: Christoph Dwertmann, Vault Systems (20)

Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageWebinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
 
2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard
 
Ceph storage for ocp deploying and managing ceph on top of open shift conta...
Ceph storage for ocp   deploying and managing ceph on top of open shift conta...Ceph storage for ocp   deploying and managing ceph on top of open shift conta...
Ceph storage for ocp deploying and managing ceph on top of open shift conta...
 
Ambedded - how to build a true no single point of failure ceph cluster
Ambedded - how to build a true no single point of failure ceph cluster Ambedded - how to build a true no single point of failure ceph cluster
Ambedded - how to build a true no single point of failure ceph cluster
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016
 
Performance characterization in large distributed file system with gluster fs
Performance characterization in large distributed file system with gluster fsPerformance characterization in large distributed file system with gluster fs
Performance characterization in large distributed file system with gluster fs
 
OpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful CloudsOpenNebula and StorPool: Building Powerful Clouds
OpenNebula and StorPool: Building Powerful Clouds
 
Red Hat Enterprise Linux: Open, hyperconverged infrastructure
Red Hat Enterprise Linux: Open, hyperconverged infrastructureRed Hat Enterprise Linux: Open, hyperconverged infrastructure
Red Hat Enterprise Linux: Open, hyperconverged infrastructure
 
Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017Sanger OpenStack presentation March 2017
Sanger OpenStack presentation March 2017
 
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookLinux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
 
NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1
 
In-Ceph-tion: Deploying a Ceph cluster on DreamCompute
In-Ceph-tion: Deploying a Ceph cluster on DreamComputeIn-Ceph-tion: Deploying a Ceph cluster on DreamCompute
In-Ceph-tion: Deploying a Ceph cluster on DreamCompute
 
OpenEBS hangout #4
OpenEBS hangout #4OpenEBS hangout #4
OpenEBS hangout #4
 
OpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations  - terasky tech dayOpenStack Best Practices and Considerations  - terasky tech day
OpenStack Best Practices and Considerations - terasky tech day
 
Implementing data and databases on K8s within the Dutch government
Implementing data and databases on K8s within the Dutch governmentImplementing data and databases on K8s within the Dutch government
Implementing data and databases on K8s within the Dutch government
 
Backup management with Ceph Storage - Camilo Echevarne, Félix Barbeira
Backup management with Ceph Storage - Camilo Echevarne, Félix BarbeiraBackup management with Ceph Storage - Camilo Echevarne, Félix Barbeira
Backup management with Ceph Storage - Camilo Echevarne, Félix Barbeira
 
OpenStack Cinder, Implementation Today and New Trends for Tomorrow
OpenStack Cinder, Implementation Today and New Trends for TomorrowOpenStack Cinder, Implementation Today and New Trends for Tomorrow
OpenStack Cinder, Implementation Today and New Trends for Tomorrow
 
Minimal OpenStack LinuxCon NA 2015
Minimal OpenStack LinuxCon NA 2015Minimal OpenStack LinuxCon NA 2015
Minimal OpenStack LinuxCon NA 2015
 
OpenNebula TechDay Waterloo 2015 - Hyperconvergence and OpenNebula
OpenNebula TechDay Waterloo 2015 - Hyperconvergence  and  OpenNebulaOpenNebula TechDay Waterloo 2015 - Hyperconvergence  and  OpenNebula
OpenNebula TechDay Waterloo 2015 - Hyperconvergence and OpenNebula
 
Introduction into Ceph storage for OpenStack
Introduction into Ceph storage for OpenStackIntroduction into Ceph storage for OpenStack
Introduction into Ceph storage for OpenStack
 

More from OpenStack

Federation and Interoperability in the Nectar Research Cloud
Federation and Interoperability in the Nectar Research CloudFederation and Interoperability in the Nectar Research Cloud
Federation and Interoperability in the Nectar Research Cloud
OpenStack
 
Enabling OpenStack for Enterprise - Tarso Dos Santos, Veritas
Enabling OpenStack for Enterprise - Tarso Dos Santos, VeritasEnabling OpenStack for Enterprise - Tarso Dos Santos, Veritas
Enabling OpenStack for Enterprise - Tarso Dos Santos, Veritas
OpenStack
 
Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...
Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...
Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...
OpenStack
 
Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...
Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...
Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...
OpenStack
 
Building a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash University
Building a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash UniversityBuilding a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash University
Building a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash University
OpenStack
 

More from OpenStack (20)

Swinburne University of Technology - Shunde Zhang & Kieran Spear, Aptira
Swinburne University of Technology - Shunde Zhang & Kieran Spear, AptiraSwinburne University of Technology - Shunde Zhang & Kieran Spear, Aptira
Swinburne University of Technology - Shunde Zhang & Kieran Spear, Aptira
 
Related OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera SoftwareRelated OSS Projects - Peter Rowe, Flexera Software
Related OSS Projects - Peter Rowe, Flexera Software
 
Supercomputing by API: Connecting Modern Web Apps to HPC
Supercomputing by API: Connecting Modern Web Apps to HPCSupercomputing by API: Connecting Modern Web Apps to HPC
Supercomputing by API: Connecting Modern Web Apps to HPC
 
Federation and Interoperability in the Nectar Research Cloud
Federation and Interoperability in the Nectar Research CloudFederation and Interoperability in the Nectar Research Cloud
Federation and Interoperability in the Nectar Research Cloud
 
Simplifying the Move to OpenStack
Simplifying the Move to OpenStackSimplifying the Move to OpenStack
Simplifying the Move to OpenStack
 
Hyperconverged Cloud, Not just a toy anymore - Andrew Hatfield, Red Hat
Hyperconverged Cloud, Not just a toy anymore - Andrew Hatfield, Red HatHyperconverged Cloud, Not just a toy anymore - Andrew Hatfield, Red Hat
Hyperconverged Cloud, Not just a toy anymore - Andrew Hatfield, Red Hat
 
Migrating your infrastructure to OpenStack - Avi Miller, Oracle
Migrating your infrastructure to OpenStack - Avi Miller, OracleMigrating your infrastructure to OpenStack - Avi Miller, Oracle
Migrating your infrastructure to OpenStack - Avi Miller, Oracle
 
A glimpse into an industry Cloud using Open Source Technologies - Adrian Koh,...
A glimpse into an industry Cloud using Open Source Technologies - Adrian Koh,...A glimpse into an industry Cloud using Open Source Technologies - Adrian Koh,...
A glimpse into an industry Cloud using Open Source Technologies - Adrian Koh,...
 
Enabling OpenStack for Enterprise - Tarso Dos Santos, Veritas
Enabling OpenStack for Enterprise - Tarso Dos Santos, VeritasEnabling OpenStack for Enterprise - Tarso Dos Santos, Veritas
Enabling OpenStack for Enterprise - Tarso Dos Santos, Veritas
 
Understanding blue store, Ceph's new storage backend - Tim Serong, SUSE
Understanding blue store, Ceph's new storage backend - Tim Serong, SUSEUnderstanding blue store, Ceph's new storage backend - Tim Serong, SUSE
Understanding blue store, Ceph's new storage backend - Tim Serong, SUSE
 
OpenStack Networks the Web-Scale Way - Scott Laffer, Cumulus Networks
OpenStack Networks the Web-Scale Way - Scott Laffer, Cumulus NetworksOpenStack Networks the Web-Scale Way - Scott Laffer, Cumulus Networks
OpenStack Networks the Web-Scale Way - Scott Laffer, Cumulus Networks
 
Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...
Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...
Diving in the desert: A quick overview into OpenStack Sahara capabilities - A...
 
Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...
Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...
Building a GPU-enabled OpenStack Cloud for HPC - Blair Bethwaite, Monash Univ...
 
OpenStack and Red Hat: How we learned to adapt with our customers in a maturi...
OpenStack and Red Hat: How we learned to adapt with our customers in a maturi...OpenStack and Red Hat: How we learned to adapt with our customers in a maturi...
OpenStack and Red Hat: How we learned to adapt with our customers in a maturi...
 
Meshing OpenStack and Bare Metal Networks with EVPN - David Iles, Mellanox Te...
Meshing OpenStack and Bare Metal Networks with EVPN - David Iles, Mellanox Te...Meshing OpenStack and Bare Metal Networks with EVPN - David Iles, Mellanox Te...
Meshing OpenStack and Bare Metal Networks with EVPN - David Iles, Mellanox Te...
 
The Why and How of HPC-Cloud Hybrids with OpenStack - Lev Lafayette, Universi...
The Why and How of HPC-Cloud Hybrids with OpenStack - Lev Lafayette, Universi...The Why and How of HPC-Cloud Hybrids with OpenStack - Lev Lafayette, Universi...
The Why and How of HPC-Cloud Hybrids with OpenStack - Lev Lafayette, Universi...
 
Ironically, Infrastructure Doesn't Matter - Quinton Anderson, Commonwealth Ba...
Ironically, Infrastructure Doesn't Matter - Quinton Anderson, Commonwealth Ba...Ironically, Infrastructure Doesn't Matter - Quinton Anderson, Commonwealth Ba...
Ironically, Infrastructure Doesn't Matter - Quinton Anderson, Commonwealth Ba...
 
Traditional Enterprise to OpenStack Cloud - An Unexpected Journey
Traditional Enterprise to OpenStack Cloud - An Unexpected JourneyTraditional Enterprise to OpenStack Cloud - An Unexpected Journey
Traditional Enterprise to OpenStack Cloud - An Unexpected Journey
 
Building a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash University
Building a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash UniversityBuilding a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash University
Building a GPU-enabled OpenStack Cloud for HPC - Lance Wilson, Monash University
 
Monitoring Uptime on the NeCTAR Research Cloud - Andy Botting, University of ...
Monitoring Uptime on the NeCTAR Research Cloud - Andy Botting, University of ...Monitoring Uptime on the NeCTAR Research Cloud - Andy Botting, University of ...
Monitoring Uptime on the NeCTAR Research Cloud - Andy Botting, University of ...
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring Multimodal Embeddings with Milvus

How to deliver High Performance OpenStack Cloud: Christoph Dwertmann, Vault Systems

The ISM and Vault
6
● ISM slowly adopts some cloud-friendly controls
○ e.g. Controls 1460-1463: Functional separation between server-side computing environments
● Some controls are difficult: e.g. email security
○ May be easier to not use email at all
● Evaluated Product List -> a lot of outdated HW/SW
● Openstack from source allows us to meet ISM requirements - no distro Openstack is secure enough
ISM and Cloud
7

Some controls may not apply:
ISM and Cloud
8

Some controls are not cloud-friendly:
ISM and Cloud
9

● Cinder/LVM directly maps block storage to the customer VM
● Cinder supports block device sanitization: shred from the coreutils package overwrites the LVM block device with a random pattern (3x on Openstack)
Example: Media Security
cinder.conf
  # Method used to wipe old volumes (string value)
  volume_clear=shred
10

NO when sanitization fails and the data on the drive is classified
Can we RMA a faulty drive?
11

Reclassifying disks through successful sanitization:
Can we RMA a faulty drive?
12

Reclassifying drives through data at rest encryption:
● Self-encrypting disks: simply change the encryption key (as long as the drive is still accessible)
● dm-crypt: Linux-based disk encryption
● Swift object encryption (new feature in Openstack Newton)
Still need to sanitize the disks!
Can we RMA a faulty drive?
13

YES if the drive was reclassified to Unclassified through sanitization, or through encryption and sanitization, and a formal administrative decision is made to release the unclassified media, or its waste, into the public domain
Can we RMA a faulty drive?
14
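As an added example (not code from the slides, from Cinder or from Ceph) covering both the media-security slide (volume_clear=shred) and the data-at-rest-encryption slide above: a POSIX shell script that checks a cinder.conf for a real wipe method, wipes a file-backed stand-in for an LVM volume with the same three overwrite passes Cinder's shred method uses and verifies the tenant data is gone, then simulates the crypto-erase path with openssl, destroying the key and wiping the ciphertext as well, because a faulty drive still carries it. The config snippets, file names and the "tenant secret" marker strings are constructed for the example; it assumes coreutils shred (with a /dev/urandom fallback) and, for the crypto-erase part, the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not code from the slides, Cinder or Ceph. Exercises the two
# reclassification paths the deck describes against ordinary files that stand
# in for block devices: overwrite sanitisation (volume_clear=shred) and
# crypto-erase plus sanitisation. Assumes coreutils shred (falls back to three
# passes of /dev/urandom) and, for the crypto part, the openssl CLI.

# Decide whether a cinder.conf wipes freed volumes. Cinder accepts
# volume_clear = none | zero | shred; "none" (or a typo) lets the next tenant
# read the previous tenant's blocks. Simplification: the first volume_clear
# line wins, regardless of which [section] it sits in.
volume_clear_ok() {
    val=$(sed -n 's/^[[:space:]]*volume_clear[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    case "$val" in
        shred|zero) return 0 ;;
        *)          return 1 ;;
    esac
}

# Three overwrite passes, the pass count Cinder uses for volume_clear=shred.
wipe_volume() {
    if command -v shred >/dev/null 2>&1; then
        shred -n 3 "$1"
    else
        size=$(wc -c < "$1")
        i=0
        while [ "$i" -lt 3 ]; do
            head -c "$size" /dev/urandom | dd of="$1" conv=notrunc 2>/dev/null
            i=$((i + 1))
        done
    fi
}

# 0 if the marker string is still readable from the file, 1 otherwise.
marker_present() {
    grep -q -a -- "$2" "$1"
}

# Media security: plant a constructed "tenant secret" in a 64 KiB volume,
# wipe it, verify nothing survives. Returns 0 on success, 1 if data survived.
sanitize_demo() {
    vol=$(mktemp) || return 2
    marker="TENANT-SECRET-4f2b"
    dd if=/dev/zero of="$vol" bs=1024 count=64 2>/dev/null
    printf '%s' "$marker" | dd of="$vol" bs=1 seek=4096 conv=notrunc 2>/dev/null
    marker_present "$vol" "$marker" || { rm -f "$vol"; return 2; }
    wipe_volume "$vol"
    rc=0
    marker_present "$vol" "$marker" && rc=1
    rm -f "$vol"
    return "$rc"
}

# Data at rest encryption: with the key destroyed the ciphertext is
# unreadable, but the faulty drive still carries that ciphertext (and, for
# dm-crypt, a key-slot header), so the media is sanitised as well before
# release. Returns 0 when every step behaves as expected, 2 if openssl is missing.
crypto_erase_demo() {
    command -v openssl >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 2
    marker="TENANT-SECRET-9c1d"
    key="$dir/volume.key"; ct="$dir/volume.enc"; pt="$dir/recovered"
    rc=1
    openssl rand -hex 32 > "$key" 2>/dev/null
    printf 'header %s trailer\n' "$marker" |
        openssl enc -aes-256-cbc -pbkdf2 -pass "file:$key" -out "$ct" 2>/dev/null
    # the ciphertext hides the marker; the key holder can still recover it
    if ! marker_present "$ct" "$marker" &&
       openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$key" -in "$ct" -out "$pt" 2>/dev/null &&
       marker_present "$pt" "$marker"; then
        rm -f "$pt"
        wipe_volume "$key"       # crypto-erase: the "change the key" step
        # decryption with the destroyed key must not yield the data
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$key" -in "$ct" -out "$pt" 2>/dev/null || true
        if ! { [ -s "$pt" ] && marker_present "$pt" "$marker"; }; then
            wipe_volume "$ct"    # still sanitise the media itself
            rc=0
        fi
    fi
    rm -rf "$dir"
    return "$rc"
}

sanitize_demo && echo "overwrite wipe verified: tenant data unrecoverable"
crypto_erase_demo && echo "crypto-erase verified: key destroyed, ciphertext wiped"
```

The file-backed volume proves the logic, not the drive: on flash media (the NVMe and SSD devices in this deck) an overwrite from the host does not reach over-provisioned or remapped cells, which is why the slides insist on sanitisation plus a formal release decision rather than on shred alone, and why a drive that cannot be overwritten at all (the failure case on slide 11) cannot be RMA'd while it holds classified data.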
● A bit of work to implement
● Ongoing work to keep up with the latest controls
● Not always cloud-friendly
● Some creative ideas required to solve tricky controls
● Discussions with the IRAP assessor can help
● Best practice for IT security
● Agencies: Vault Systems did most of the work for you!
ISM conclusion
15
● Free software storage platform
● In development since 2007 (Openstack: 2010)
● Implements Object, Block and File storage
● Runs on commodity hardware
● Fault-tolerant, self-healing, self-managing
● Block supports snapshots, striping, native integration with KVM and Linux
● 6 month release cycle
What is Ceph?
17

● We like Open Source
● We don't like to depend on a single vendor for support, RMA and upgrades
● Openstack integration second to none (cinder-volume, cinder-backup, nova, keystone, swift alternative)
● Mature, large online community, active development
● Versatile (Block, Object, Network FS)
● Distributed (no downtime on upgrades)
● Supports copy-on-write for fast instance creation
Why are we using Ceph?
21

● 3 Monitors (8 Cores, 64GB RAM, Intel P3700 NVMe 400GB for LevelDB) - overspec'd
● 4 OSDs (16 Cores, 64GB RAM, 10x Intel P3600 NVMe 2TB)
● Total cluster size 74 TB, two replicas
● 20Gbit bonded NIC (xmit_hash_policy=layer3+4)
● https://github.com/ceph/ceph-ansible to automatically configure the hosts and deploy ceph
● fio with AIO plugin (KVM) and RBD plugin (bare metal) for benchmarking
How we deploy Ceph
22

● Sequential R/W 1MB: saturate 20 Gbps port bandwidth on all four OSDs, total 7.5GB/s
● Random read 4K: >500K IOPS measured from bare metal nodes
○ Could be improved by running more than one OSD per disk
● Max 50K IOPS on a single KVM with jemalloc due to librbd memory allocation performance (35K with malloc)
● Latency 1ms, Cinder/LVM beats it (0.6ms)
Performance observations
23

● Patch ceph-ansible to support more than one OSD per disk (2 for SSD, 4 for NVMe)
● Move to converged compute/storage architecture
● Use RDMA in latest Ceph release to improve latency / IOPS
● Deploy Ceph Bluestore when it's ready for production
Future work on Ceph
24

● Slide 8: http://www.theradiohistorian.org/
● Slide 19: Jian Zhang (Intel)
● Slide 20: Sage Weil (Red Hat)
● Slide 24: http://cryptid-creations.deviantart.com/art/Daily-Paint-986-Octopus-vs-Cookie-Jar-OA-551061037
Credits
25