Intel and OpenStack: Contributions and Deployment

Das Kamhout, Principal Engineer, Intel IT
Dr. Malini Bhandaru, Open Source Technology Center, Intel SSG
OpenStack Summit, Hong Kong, Nov13

Intel in Open Source: Helping Fuel Innovation and Opportunities
- #2 Linux Contributor: improving performance, stability & efficiency
- Project Contributor Across the Stack: contributions span every layer of the stack
- Proven Components: building blocks simplify development, reduce costs and speed time-to-market
- Intel is single largest contributor to these projects
[Logos: Eclipse, X.org, GNU, jQuery, WebKit, kernel.org, OpenStack, Yocto Project, 01.org, Hadoop]
[Chart: Linux contribution shares; companies shown: Intel, SUSE, IBM, Red Hat; values shown: 11.1%, 9.3%, 4.9%, 4.2%]
[Chart: Code Contributions to Open Source Projects (axis 0% to 100%): Clutter, Connman, Ofono, Cairo, KVM, Linux Kernel, QT]
[Chart: SPECvirt_sc2010* Performance on KVM; Throughput (higher is better), axis 0 to 3,000; platforms MC-DP, WSM-EP, SNB-EP, WSM-EX; 3x improvement over 3 years]

Intel Enables OpenStack Cloud Deployments
Contributions, Intel IT Open Cloud, Intel Cloud Builders
- Across OpenStack projects
- Open Source Tools
- Top contributor to Grizzly and Havana releases (1: Source: www.stackalytics.com)
- Optimizations, validation, and patches
- Intel IT Open Cloud with OpenStack
- Delivering Consumable Services
- Single Control Plane for all Infrastructure
- Collection of best practices
- Intel IT Open Cloud Reference Arch
- Share best practices with IT and CSPs
- http://www.intel.com/cloudbuilders

Stress on Datacenter Operations
- Network: 2-3 weeks to provision new services (1)
- Storage: 40% data growth CAGR, 90% unstructured (3)
- Server: Average utilization <50% despite virtualization (4)
New Challenges are coming.
1: Source: Intel IT internal estimate; 2: 3: IDC's Digital Universe Study, sponsored by EMC, December 2012; 4: IDC Server Virtualization and The Cloud 2012

The Intel SDI Vision
Self-provisioning, automated orchestration, composable resource pools
- Datacenter Today: Idea for service; Manually configure devices; IT scopes needs; Balance user demands; Set up service components, assemble software; Service running. Time to Provision New Service: Months (1)
- Software-defined Infrastructure: Idea for service; Self service catalog & services orchestration; Software components assembled; Automated composition of resources; Service running. Time to Provision New Service: Minutes (1)
[Diagram labels: Private, Public]
1: Source: Intel IT internal estimate

Open Data Center Alliance Cloud Adoption Roadmap
[Figure: roadmap for consumers (End User, App Dev, App Owner, IT Ops) from Start (Legacy Applications on dedicated Infrastructure) through Year 1, Year 2, Year 3 and Year 4 to Year 5 (Federated, Interoperable, and Open Cloud). Stages shown: Simple SaaS, Complex SaaS, Hybrid SaaS, Enterprise Legacy, Simple Compute IaaS, Complex Compute IaaS, Hybrid IaaS, and Compute, Storage, and Network]

Intel IT Quick History
- Design Grid since 1990s: 60k servers across 60+ datacenters
- Enterprise Private Cloud 2010: 13k VMs across 10 datacenters; 75% of Enterprise Server Requests; 80% virtualized
- Open Source Private Cloud 2012: 1.5k VMs across 2 datacenters; Running cloud-aware and some traditional apps

OpenStack - Intel IT Convergence Platform
[Diagram: Silicon Design, Enterprise Hosting and Validation Labs on OpenStack, spanning Existing Infrastructure and New Infrastructure]

Top Challenges & Technical Responses
Challenges: Security & Compliance; Unit Cost Reduction; Business Uptime
Technical responses:
- Trusted Compute Pools
- Geo-tagging
- Key Management
- Enhanced Platform Awareness (crypto processing)
- Intelligent storage allocation in Cinder
- Multiple publisher support in ceilometer
- Erasure code in Icehouse release
- COSbench performance measurement tool
- Erasure Code (storage cost)
- Enhanced Platform Awareness (PCIe Accelerators etc.)
- Intelligent workload & storage scheduling
- Live Migration, Rack-level redundancies
- Intel Virtualization Technology with FlexMigration

Intel Contributions* to OpenStack
[Diagram: OpenStack components Monitoring/Metering (Ceilometer), User Interface (Horizon), Object Store (Swift), Image Store (Glance), Compute (Nova), Block Storage (Cinder), Network Services (Neutron) and Key Service (Barbican), annotated with: Metrics; Object Storage Erasure Code Policy; OVF Meta-Data Import; Enhanced Platform Awareness; Filter Scheduler; Trusted Compute Pools (Extended with Geo Tagging); Intel DPDK vSwitch; Advanced Services in VMs; Intelligent Workload Scheduling; Key Encryption & Management; VPN-as-a-Service (with Intel QuickAssist Technology)]
Compute:
- Enhanced Platform Awareness
- CPU Feature Detection
- PCIe SR-IOV Accelerators
- OVF Meta-Data Import
- Expose Enhancements
- Trusted Compute Pools With Geo Tagging
- Key Management
- Intelligent Workload Scheduling (Metrics)
Networking:
- Intel DPDK vSwitch
- VPN-as-a-Service with Intel QuickAssist Acceleration
- Advanced Services in VMs
Storage:
- Filter Scheduler
- Erasure Code
- Object Storage Policies
*Note: A mixture of features that are completed, in development or in planning

Trusted Compute Pools (TCP)
Enhance visibility, control and compliance
TCP Solution:
- Platform Trust: new attribute for Management
- Intel TXT initiates Measured Boot: basis for Platform Trust
- Open Attestation (OAT) SDK: Remote Attestation Mechanism - https://github.com/OpenAttestation/OpenAttestation
- TCP-aware scheduler controls placement & migration of workloads in trusted pools
- TCP is enabled in OpenStack (Folsom release)
1 source: McCann "what's holding the cloud back?" cloud security global IT survey, sponsored by Intel, May 2012
No computer system can provide absolute security under all conditions. Intel Trusted Execution Technology (Intel TXT) requires a computer system with Intel Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS or an application. In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group and specific software for some uses. For more information, see here

Trusted Compute Pools with Geo-Tagging
Use geo-location descriptor stored in TPM on Trusted Servers to control workload placement & migration
OpenStack* Enhancements:
- Secure mechanism for Provisioning geo certificates
- Dashboard display VM/storage geo
- Nova flavor extra spec geo
- Enhanced TCP scheduler filter
- Geo Attestation Service (OAT +)
- Geo-tagged Storage: Volumes, Objects
Work in progress - Provide feedback, use cases

Concept: Trusted Compute Pools (TCP) VM Protection
Tenant-Controlled, Hardware-Assisted VM Protection in the Cloud
[Diagram: numbered flow (steps 1 to 9) between the Customer Data Center and the Cloud Service Provider Data Center. Components shown: MH Client, Cloud Service Provider Portal, CSP-Image Server (Glance), Host + VMM with TXT + TPM, DOM0, MH: OVF Plug-in, Key Mgt Service, Keys, Policy, Trust Attestation OAT/MTW. Labelled messages and objects: Encrypted VM Image; Encrypted VM; SymKey; Launch request (from anywhere); Launch command; Request Encryption Key (AIK, KeyID); Encryption Key (enveloped); Request Host Trust Attestation; Response Trust Status, BindPubKey]
- Concept Demo in Citrix Booth

Key Management
Ease Security Adoption, new use cases, compliance
- Server-side encryption
- Data-at-rest security
- Random high quality keys
- Secure Key Storage
- Controlled key access via Keystone
- High availability
- Pluggable backend: HSM, TPM
- Barbican Key Manager: https://github.com/cloudkeep/barbican
- Intel technologies: Intel Secure Key, Intel AES-NI
- Prototype in Havana, incubate in Icehouse

Filter Scheduler (Cinder)
[Diagram: Volume Services 1 to 5 pass through Filters (AvailabilityZoneFilter, CapabilitiesFilter, JsonFilter, CapacityFilter, RetryFilter); Volume Services 2, 4 and 5 then appear with weights (values shown: 25, 20, 41) assigned by Weighers (CapacityWeigher, AllocatedVolumesWeigher, AllocatedSpaceWeigher), and one is marked "Winner!"]
Example Use Case: Differentiated Service with Different Storage Back-ends
- CSP: 3 different storage systems, offers 4 levels of volume services
- Volume service criteria dictates which storage system can be used
- Filter scheduler allows CSP to name storage services and allocate correct volume

Data Collection for Efficiency: Intelligent Workload Scheduling
- Enhanced usage statistics allow advanced scheduling decisions
- Pluggable metric data collecting framework
- Compute (Nova) - New filters / weighers for utilization-based scheduling
- Metering in Havana release, scheduling in future release

Enhanced Platform Awareness
Allows OpenStack* to have a greater awareness of the capabilities of the hardware platforms
- Expose CPU & platform features to OpenStack Nova scheduler
- Use ComputeCapabilities filter to select hosts with required features
[Figure: Data In Motion; Unencrypted Data to Encrypted Data (Faster Encryptions) and back (Faster Decryptions)]
- Intel AES-NI or PCI Express accelerators for security and I/O workloads
- Up to 10x encryption & 8x decryption performance improvement observed (1)
- Some features in Havana, more in future releases
Intel AES-NI = Intel Advanced Encryption Standard New Instructions
1: See http://www.oracle.com/us/corporate/press/173758

SDN & NFV: Driving Architectural Transformation
- From This: Traditional networking topology; Monolithic vertical integrated box; TEM proprietary solutions
- To This: Networking within VMs; Standard x86 COTS HW; Open SDN standard solutions
[Diagram: Firewall, VPN and IDS/IPS boxes (TEM/OEM Proprietary OS; ASIC, DSP, FPGA, ASSP) become VM: Firewall, VM: VPN and VM: IDS/IPS under SDN/NFV. Other labels shown: IA CPU, Chipset, Acceleration, Switch Silicon, NIC Silicon, Wind River Linux + Apps]

Intel DPDK Accelerated Open vSwitch In Neutron
- Intel DPDK vSwitch ML2 Driver/Agent in Development
- Unleashing Intel DPDK vSwitch Performance in Neutron
[Diagram: Neutron API and API Extensions; Neutron-ML2-Plugin with DPDK vSwitch Mechanism Driver; DB; External Controller; L2 Agent with vSwitch beside DPDK vSwitch L2 Agent with DPDK vSwitch; VMs. Labels shown: Open vSwitch, Intel DPDK vSwitch, 10x]

OpenStack* Swift With Erasure Code
- New Storage Policy capability
- Applications control policy
- EC can be inline or offline
- Supports multiple policies at the same time via container tag
- EC flexibility via plug-in
[Diagram: Clients Upload and Download Obj A through a RESTful API, Similar to S3. Access Tier (Concurrency): Load Balancer, Auth Service, Proxy with Encoder and Decoder. Capacity Tier (Storage): Storage nodes in Zone 1 to Zone 5 holding Frag 1, Frag 2, Frag 3, Frag 4 ... Frag N. Partly legible rotated labels: "storage efficiency", "Lowers TCO"]
Detailed Tutorial at: https://intel.activeevents.com/sf13/connect/sessionDetail.ww?SESSION_ID=1180&tclass=popup
Community Collaboration: https://intel.activeevents.com/sf13/connect/sessionDetail.ww?SESSION_ID=1180&tclass=popup

Intel actively contributing to OpenStack
Delivering interoperable, federated, efficient and secure Open Cloud solutions
Challenges: Security & Compliance; Unit Cost Reduction; Business Uptime
Technical responses:
- Trusted Compute Pools
- Geo-tagging
- Key Management
- Enhanced Platform Awareness (crypto processing)
- Intelligent storage allocation in Cinder
- Multiple publisher support in ceilometer
- Erasure code in Icehouse release
- COSbench performance measurement tool
- Erasure Code (storage cost)
- Enhanced Platform Awareness (PCIe Accelerators etc.)
- Intelligent workload & storage scheduling
- Live Migration, Rack-level redundancies
- Intel Virtualization Technology with FlexMigration

Q&A

Legal Disclaimers: INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR
OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel product plans in this presentation do not constitute Intel plan of record product roadmaps. Please contact your Intel representative to obtain Intel's current plan of record product roadmaps. Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families. Go to: http://www.intel.com/products/processor_number. 
Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm Code names featured are used internally within Intel to identify products that are in development and not yet publicly announced for release. Customers, licensees and other third parties are not authorized by Intel to use code names in advertising, promotion or marketing of any product or services and any such use of Intel's internal code names is at the sole risk of the user Intel, and the Intel logo are trademarks of Intel Corporation in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2013 Intel Corporation. 23 Legal Disclaimers and Notices Intel Trademark Notice: Celeron, Intel, Intel logo, Intel Core, Intel Core i7, Intel Core i5, Intel Core i3, Intel Atom Intel Inside, Intel Inside logo, Intel. Leap ahead., Intel. Leap ahead. logo, Intel NetBurst, Intel SpeedStep, Intel XScale, Itanium, Pentium, Pentium Inside, VTune, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Non-Intel Trademark Notice: *Other names and brands may be claimed as the property of others. General Performance Disclaimer/"Your Mileage May Vary"/Benchmark: Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. 
You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, visit http://www.intel.com/performance/resources/limits.htm or call (U.S.) 1-800-628-8686 or 1-916-356-3104. Estimated Results Benchmark Disclaimer: Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. Pre-release Notice: This document contains information on products in the design phase of development. Processor Numbering Notice: Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families: Go to: http://www.intel.com/products/processor_number
Roadmap Notice: All products, computer systems, dates and figures specified are preliminary based on current expectations, and are subject to change without notice. Excerpted Product Roadmap Notice: Intel product plans in this presentation do not constitute Intel plan of record product roadmaps. Please contact your Intel representative to obtain Intel's current plan of record product roadmaps. Intel AES-New Instructions (Intel AES-NI): Intel AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel processors. For availability, consult your reseller or system manufacturer. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/ Enhanced Intel SpeedStep Technology : See the Processor Spec Finder at http://ark.intel.com or contact your Intel representative for more information. Intel Hyper-Threading Technology (Intel HT Technology): Available on select Intel Core processors. Requires an Intel HT Technology-enabled system. Consult your PC manufacturer. Performance will vary depending on the specific hardware and software used. For more information including details on which processors support HT Technology, visit http://www.intel.com/info/hyperthreading. Intel 64 architecture: Requires a system with a 64-bit enabled processor, chipset, BIOS and software. Performance will vary depending on the specific hardware and software you use. Consult your PC manufacturer for more information. For more information, visit http://www.intel.com/info/em64t Intel Turbo Boost Technology: Requires a system with Intel Turbo Boost Technology. Intel Turbo Boost Technology and Intel Turbo Boost Technology 2.0 are only available on select Intel processors. Consult your PC manufacturer. Performance varies depending on hardware, software, and system configuration. 
For more information, visit http://www.intel.com/go/turbo

Intel IT Open Cloud Components
[Diagram: layers Physical Infrastructure, Infrastructure As a Service, App Platform Services and Monitoring As a Service, on an Open-Source Foundation]
- Interfaces: GUI (Graphical User Interface), API (Application Programming Interface)
- Manageability: Watcher (Nagios**, Shinken**, Heat**), Decider (Heat), Actor (Puppet**, Cfengine**), Collector (Hadoop**)
- PaaS: Analytics, Messaging, Data, Web
- IaaS, Open-Source (OpenStack*): Dashboard (Horizon**), Compute (Nova**), OS Images (Glance**), Block Storage (Cinder**), Object Storage (Swift**), Network (Neutron**)
- Physical: Compute, Storage, Network
- Release Cadence values shown: 6 Months, 3 Months, 3 Months, 6 Months, 12-18 Months

Benefits of Enhanced Platform Awareness
- Intel QuickAssist Accelerator
- Intel AES New Instructions
- Intel Data Plane Development Kit
- Intel Secure Key
- Intel Advanced Vector Extensions 2 (AVX2)
Enabler for Enhanced Cloud Efficiency & Deploying SDN/NFV Workloads
Some features enabled in Havana, more coming in future releases

Linux Kernel Contributions
[Chart: y-axis "Contribution by Per" (label cut off), 0 to 14; x-axis Kernel Releases; series: Intel, Red Hat, SUSE, IBM, TI, Linaro (ARM). Source: http://lwn.net]

Summary: Key Intel Contributions into OpenStack
Contribution (Project, Release): Comments
- Trusted Filter (Nova, Folsom): Place VMs in Trusted Compute Pools
- Trusted Filter UI (Horizon, Folsom): GUI interface for Trusted Compute Pool management
- Filter Scheduler (Cinder, Grizzly): Intelligent storage allocation
- Multiple Publisher Support (Ceilometer, Havana): Pipeline manager; pipelines of collectors, transformers, publishers
- Open Attestation SDK (To Open Source): Remote Attestation service for Trusted Compute Pools
- COSBench (To Open Source): Object store benchmarking tool
- Enhanced Platform Awareness (Havana + future): Leverages advanced CPU and PCIe device features for increased performance
- Key Manager (Icehouse+): Makes data protection more readily available via server side encryption with key management
- Erasure Code (Icehouse): Augments tri-replication algorithm in Swift enabling application selection of alternate storage policies

Re-architect the Datacenter
- Datacenter Today: Idea for service; Manually configure devices; IT scopes needs; Balance user demands; Set up service components, assemble software; Service running. Time to Provision New Service: Months (1)
- Software-defined Infrastructure: Idea for service; Self service catalog & services orchestration; Software components assembled; Automated composition of resources; Service running. Time to Provision New Service: Minutes (1)
[Diagram labels: Private, Public]
1: Source: Intel IT internal estimate

The Intel SDI Vision
- Automated provisioning
- Orchestrated placement
- Composable Resource Pools