Blog Article:

Building a Cloud for Mission-Critical Applications

Ignacio M. Llorente

Chief Executive Officer at OpenNebula Systems

Sep 28, 2011

OpenNebula 3.0 is bringing many new features to build cutting-edge cloud infrastructures. Most of them have been developed to address the needs of organizations running production environments. This article tries to summarize the main requirements on security, control and availability that we have received from organizations building infrastructures for mission-critical applications or offering premium cloud services, and the functionality that makes OpenNebula unique in fulfilling these requirements.

In our experience there is no single solution for cloud availability. Our position is therefore that the IaaS cloud stack should provide administrators and integrators with configurable failover and redundancy mechanisms at the physical host, zone, region and cloud levels, to support both the availability of running application services and the availability of the cloud service itself. They can then define and implement their specific model for availability in the cloud to fulfill the requirements of their target users and market, from a pure “design for failure” approach (commodity cloud), where software and higher-level management tools take responsibility for application availability, to a more “traditional” approach (enterprise cloud), where the cloud provides the availability and redundancy necessary to keep it running in case of failure. In the enterprise cloud case, the design and deployment of the infrastructure is much more difficult because of the high number of components and failure scenarios that can arise, and because of its integration with mission-critical data center platforms and facilities.

  • Highly Secure Cloud Access: User login and interaction with the cloud are secured using state-of-the-art key and certificate technology, with authentication methods such as SSH RSA key pairs, X.509 certificates or LDAP.
  • Granular Authorization: OpenNebula provides fine-grained access control that allows multiple-role support for different types of users and administrators, delegated control to authorized users, secure isolated multi-tenant environments, and easy resource sharing.
  • Advanced Multi-tenancy of the Cloud: Cloud zones can be compartmentalized into isolated Virtual Data Centers to ensure that several organizations can access the cloud with an isolated view of their resources.
  • Full Isolation of Service Execution: The functionality for automatic placement of VMs and the configurable monitoring system make it possible to define security and isolation levels for the applications. The new multiple-zone support extends this functionality to easily manage fully isolated zones that can be located at different data center sites under different security policies and practices.
  • Ensure Application Availability: Configurable behavior in the event of host or VM failure provides an easy-to-use and cost-effective failover solution.
  • Replication of Applications Across Sites: The support for hybrid and multi-zone cloud deployments enables the execution of application services in different sites, so that “design for failure” applications can be configured to continue their execution and recover even if a complete site fails.
  • Ensure Cloud Availability: Support for high availability architectures, with a persistent database back-end in high availability configurations, to preserve the state of the cloud in the event of a hardware or software failure.
  • Limitation of Resource Consumption: Resource quota management to allocate, track and limit resource utilization.
  • Audit Trails: Detailed log files for the different components that maintain a record of significant changes.

OpenNebula 3.0 is free, fully open-source technology. The Release Candidate is available for download (the stable version is due in a few days), along with the guides and our support to deploy your cloud infrastructure for mission-critical applications.
