Unit 5 Lecture 6

Uploaded by

Mansi Varshney
Copyright
© © All Rights Reserved
Subject Name: Cloud Computing
Subject Code: KCS 075
Unit No.: 5
Lecture No.: 6
Topic Name: OpenStack and Federation in Cloud Computing
Contents

1. Open Stack
2. Open Stack Major Components
3. Architecture of Open Stack
4. Open Stack Workflow
5. Federation in cloud computing
6. Four Levels of federation
7. Important Questions
8. References
OpenStack

• OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources
throughout a datacenter, all managed through a dashboard that gives administrators control while empowering
their users to provision resources through a web interface.
OpenStack Capability

▪ Software as a Service (SaaS)
    ▪ Browser or thin client access
▪ Platform as a Service (PaaS)
    ▪ On top of IaaS, e.g. Cloud Foundry
▪ Infrastructure as a Service (IaaS)
    ▪ Provision compute, network, storage
OpenStack Major Components

Service: Compute
Project: Nova
• Manages the lifecycle of compute instances in an OpenStack environment.
• Responsibilities include spawning, scheduling and decommissioning of virtual machines on demand.

Service: Networking
Project: Neutron
• Enables Network-Connectivity-as-a-Service for other OpenStack services, such as OpenStack Compute.
• Provides an API for users to define networks and the attachments into them.
• Has a pluggable architecture that supports many popular networking vendors and technologies.

Service: Object storage
Project: Swift
• Stores and retrieves arbitrary unstructured data objects via a RESTful, HTTP-based API.
• It is highly fault tolerant with its data replication and scale-out architecture. Its implementation is not like a file server with mountable directories.
• In this case, it writes objects and files to multiple drives, ensuring the data is replicated across a server cluster.

Service: Block storage
Project: Cinder
• Provides persistent block storage to running instances.
• Its pluggable driver architecture facilitates the creation and management of block storage devices.

Service: Identity
Project: Keystone
• Provides an authentication and authorization service for other OpenStack services.
• Provides a catalog of endpoints for all OpenStack services.

Service: Image service
Project: Glance
• Stores and retrieves virtual machine disk images.
• OpenStack Compute makes use of this during instance provisioning.

Service: Telemetry
Project: Ceilometer
• Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes.

Service: Dashboard
Project: Horizon
• Provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls.
Auth Token Usage
Architecture of Openstack
Provisioning Flow

▪ Nova API makes rpc.cast to Scheduler. It publishes a short message to scheduler queue with VM info.
▪ Scheduler picks up the message from MQ.
▪ Scheduler fetches information about the whole cluster from database, filters, selects compute node and updates DB with its ID.
▪ Scheduler publishes message to the compute queue (based on host ID) to trigger VM provisioning.
▪ Nova Compute gets message from MQ.
▪ Nova Compute makes rpc.call to Nova Conductor for information on VM from DB.
▪ Nova Compute makes a call to Neutron API to provision network for the instance.
▪ Neutron configures IP, gateway, DNS name, L2 connectivity etc.
▪ It is assumed a volume is already created. Nova Compute contacts Cinder to get volume data. Can also attach volumes after VM is built.
Nova Compute Driver
Nova scheduler filtering
Neutron Architecture
Glance Architecture
Cinder Architecture
Keystone Architecture
OpenStack Storage Concepts

• Ephemeral storage:
    • Persists until VM is terminated
    • Accessible from within VM as local file system
    • Used to run operating system and/or scratch space
    • Managed by Nova
• Block storage:
    • Persists until specifically deleted by user
    • Accessible from within VM as a block device (e.g. /dev/vdc)
    • Used to add additional persistent storage to VM and/or run operating system
    • Managed by Cinder
• Object storage:
    • Persists until specifically deleted by user
    • Accessible from anywhere
    • Used to store files, including VM images
    • Managed by Swift
FEDERATION IN CLOUD:
FEDERATION: The combination of disparate things so that they can act as one, as in federated states, data or identity management, while making sure that all the right rules are applied.
CLOUD FEDERATION:
1) Cloud federation refers to the unionization of software, infrastructure and platform services from disparate networks that can be accessed by a client via the internet.
2) The federation of cloud resources is facilitated through network gateways that connect public or external clouds, private or internal clouds owned by a single entity, and/or community clouds owned by several co-operating entities.
3) This creates a hybrid cloud computing environment. It is important to note that federated cloud computing services still rely on the existence of physical data centers.
CLOUD FEDERATION BENEFITS:
1) The federation of cloud resources allows clients to optimize enterprise IT service delivery.
2) The federation of cloud resources allows a client to choose the best cloud service providers in terms of flexibility, cost and availability of services to meet a particular business or technological need within their organization.
3) Federation across different cloud resource pools allows applications to run in the most appropriate infrastructure environments.
4) The federation of cloud resources allows an enterprise to distribute workload around the globe, move data between disparate networks and implement innovative security models for user access to cloud resources.
CLOUD FEDERATION AND IMPLEMENTATION:
1) One weakness that exists in the federation of cloud resources is the difficulty in setting up connectivity between a client and a given external cloud provider, as they each possess their own unique network addressing scheme.
2) To resolve this issue, cloud providers must grant clients the permission to specify an addressing scheme for each server the cloud provider exposes to the internet.
3) This provides customers with the ability to access cloud services without the need for reconfiguration when using resources from different service providers.
4) Cloud federation can also be implemented behind a firewall, providing clients with a menu of cloud services provided by one or more trusted entities.
Four levels of federation:
Technically speaking, federation is the ability for two XMPP servers in different domains to exchange XML stanzas.
According to XEP-0238 (XMPP Protocol Flows for Inter-Domain Federation), there are four basic types of federation:
1) Permissive
2) Verified
3) Encrypted
4) Trusted
Permissive Federation:

1) It occurs when a server accepts a connection from a peer network server without verifying its identity using DNS lookups or certificate checking.
2) The lack of verification or authentication may lead to domain spoofing, that is, the unauthorized use of a third-party domain name in an e-mail message in order to pretend to be someone else.
3) This opens the door to widespread spam and other abuses. With the release of the jabberd 1.2 server, which included support for the Server Dialback protocol, permissive federation met its demise on the XMPP network.
Verified Federation:
1) This type of federation occurs when the identity of a peer has been verified. It uses information obtained via DNS and by means of domain-specific keys exchanged beforehand.
2) The connection is not encrypted, and the use of identity verification effectively prevents domain spoofing.
3) To make this work, federation requires proper DNS setup, and that is still subject to DNS poisoning attacks.
4) Verified federation has been the default service policy on the open XMPP network since the release of the open source jabberd 1.2 server.
Encrypted Federation:
1) In this mode, a server accepts a connection from a peer if and only if the peer supports TLS (Transport Layer Security) as defined for XMPP in RFC (Request for Comments) 3920.
2) The peer must present a digital certificate. The certificate may be self-signed, but this prevents using mutual authentication. If this is the case, both parties proceed to weakly verify identity using Server Dialback.
3) XEP-0220 defines the Server Dialback protocol, which is used between XMPP servers to provide identity verification. Server Dialback uses the DNS as the basis for verifying identity; the basic approach is that when a receiving server receives a server-to-server connection request from an originating server. Although Server Dialback does not provide strong authentication or trusted federation, and although it is subject to DNS poisoning attacks, this results in an encrypted connection with weak identity verification.
Trusted Federation:
1) Here, a server accepts a connection from a peer only under the stipulation that the peer supports TLS and the peer can present a digital certificate issued by a root certification authority (CA) that is trusted by the authenticating server.
2) The list of trusted root CAs may be determined by one or more factors, such as the OS, the XMPP server or local service policy.
3) In trusted federation, the use of digital certificates results not only in channel encryption but also in strong authentication.
4) The use of trusted domain certificates effectively prevents DNS poisoning attacks but makes federation more difficult, since such certificates have traditionally not been easy to obtain.
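The four levels above can be read as an acceptance policy: a server configured for a given level rejects any peer that does not reach it. The following Python sketch is an added example, not part of the original lecture; the Peer record, the sample domains and the mapping to Python ssl settings are assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # the four federation levels, weakest first
    PERMISSIVE = 1
    VERIFIED = 2
    ENCRYPTED = 3
    TRUSTED = 4

@dataclass(frozen=True)
class Peer:  # hypothetical record of one inbound server-to-server connection
    domain: str
    dialback_ok: bool  # identity confirmed through DNS / Server Dialback
    tls: bool          # peer negotiated TLS
    cert: str          # "none", "self-signed" or "ca-issued" (trusted root CA)

def achieved_level(p: Peer) -> Level:
    """Strongest federation level this connection actually satisfies."""
    if p.tls and p.cert == "ca-issued":
        return Level.TRUSTED     # channel encryption plus strong authentication
    if p.tls and p.cert == "self-signed" and p.dialback_ok:
        return Level.ENCRYPTED   # encrypted, identity only weakly verified
    if p.dialback_ok:
        return Level.VERIFIED    # identity checked through DNS, plaintext channel
    return Level.PERMISSIVE      # nothing verified: the claimed domain may be spoofed

def accept(p: Peer, policy: Level) -> bool:
    return achieved_level(p) >= policy  # peer must reach at least the policy level

def tls_context(policy: Level):
    """Certificate-checking settings assumed for each policy (None: TLS not required)."""
    if policy < Level.ENCRYPTED:
        return None
    if policy == Level.ENCRYPTED:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # self-signed certificates are tolerated,
        ctx.verify_mode = ssl.CERT_NONE  # so the certificate alone proves nothing
        return ctx
    return ssl.create_default_context()  # chain must end at a trusted root CA

PEERS = [  # constructed sample peers, not real servers
    Peer("spoofed.example", False, False, "none"),
    Peer("plain.example", True, False, "none"),
    Peer("selfsigned.example", True, True, "self-signed"),
    Peer("ca.example", True, True, "ca-issued"),
]

def accepted_domains(policy: Level):
    return [p.domain for p in PEERS if accept(p, policy)]
```

Only the permissive policy admits the peer whose domain was never verified, which is the spoofing exposure described under Permissive Federation.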
Privacy in cloud:
1) Information privacy or data privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal issues surrounding them.
2) The challenge in data privacy is to share data while protecting Personally Identifiable Information (PII). The fields of data security and information security design and utilize software, hardware and human resources to address this issue.
3) PII, as used in information security, refers to information that can be used to uniquely identify a single individual.
4) Privacy is a business issue focused on ensuring that personal data is protected from unauthorized and inappropriate collection, use and disclosure, ultimately preventing the loss of customer trust.
Important Questions

1. Define OpenStack and its key components.
2. What are the services generally run on a Compute Node?
3. Give an overview of OpenStack Services.
4. Explain what a hypervisor is and what types of hypervisor OpenStack supports.
5. Define Identity Service in OpenStack.
References
• Dan C Marinescu: "Cloud Computing Theory and Practice." Elsevier (MK) 2013.
• Rajkumar Buyya, James Broberg, Andrzej Goscinski: "Cloud Computing Principles and Paradigms", Wiley 2014.
• https://www.ques10.com/p/13989/explain-architecture-of-google-file-system-1/
• https://www.sciencedirect.com/topics/computer-science/google-file-system
• https://www.researchgate.net/publication/220910111_The_Google_File_System
• Enterprise Cloud Computing - Technology, Architecture, Applications, Gautam Shroff, Cambridge University Press, 2010
