Three years ago, driven by the needs of some of our larger users, we incorporated support for Virtual Data Centers (vDCs) and multiple Zones into OpenNebula 3.0. Since then, this innovative vDC functionality has helped many IT organizations make the transition to the next generation of cloud infrastructures supporting on-demand provisioning of multiple fully-isolated vDCs. Thanks to the feedback received from many of these organizations in recent years, we have improved this functionality and its integration with the rest of the subsystems. This post describes the new cloud provisioning model based on vDCs that OpenNebula 4.6 introduces. The new model offers an integrated and comprehensive framework for resource allocation and isolation in federated data centers and hybrid cloud deployments.
The Infrastructure Perspective
Large IT shops commonly have multiple Data Centers (DCs), each consisting of several physical Clusters of infrastructure resources (hosts, networks and storage). These Clusters can present different architectures and software/hardware execution environments to fulfill the needs of different workload profiles. Moreover, many organizations have access to external public clouds to build hybrid cloud scenarios where the private capacity of the Data Centers is supplemented with resources from external clouds to address peaks of demand. Sysadmins need a single comprehensive framework to dynamically allocate all these available resources to the multiple groups of users.
For example, you could have two Data Centers in different geographic locations, Europe and USA West Coast, and an agreement for cloudbursting with two cloud providers, Amazon and SoftLayer. Each Data Center runs its own full OpenNebula deployment.
Users are organized in Groups (also called Projects, Domains, Tenants…). A Group is an authorization boundary that can be seen as a business unit in a private cloud, or as a completely separate company in a public cloud. A powerful, configurable ACL system is needed to enable different authorization scenarios, from the definition of Group admins to the privileges of the users that can deploy virtual machines. Each Group can execute different types of workload profiles with different performance and security requirements.
For example, you can think of Web Development, Human Resources, and Big Data Analysis as business units represented by Groups in OpenNebula.
The following are common enterprise use cases in large cloud computing deployments:
- On-premise Private Clouds Serving Multiple Projects, Departments, Units or Organizations. On-premise private clouds in large organizations require powerful and flexible mechanisms to manage the access privileges to the virtual and physical infrastructure and to dynamically allocate the available resources. In these scenarios, the Cloud Administrator would define a Group for each Department, dynamically allocating resources according to their needs, and delegating the internal administration of the Group to the Department IT Administrator.
- Cloud Providers Offering Virtual Private Cloud Computing. Cloud providers give customers a fully-configurable and isolated environment where they have full control and the capacity to administer their own users and resources. This combines a public cloud with the control usually seen in a personal private cloud system.
A New Cloud Provisioning Model Based on vDCs
A Group is simply a boundary; you need to populate it with resources that the users of the Group can consume. These resources are obtained from Resource Providers, which can be located in different Data Centers, and the result is a vDC. A Resource Provider is a Cluster of infrastructure resources (physical hosts, networks, datastores and external clouds).
For example, you could create three different vDCs:
- BLUE: Allocation of (ClusterA@DC_West_Coast + Cloudbursting) to Web Development
- RED: Allocation of (ClusterB@DC_West_Coast + ClusterA@DC_Europe + Cloudbursting) to Human Resources
- GREEN: Allocation of (ClusterC@DC_West_Coast + ClusterB@DC_Europe) to Big Data Analysis
A vDC is a fully-isolated virtual infrastructure environment where a Group of users, under the control of the vDC admin, can create and manage compute, storage and networking capacity. The users in the vDC, including the vDC administrator, would only see the virtual resources and not the underlying physical infrastructure. The physical resources allocated by the cloud administrator to the vDC can be completely dedicated to the vDC, providing isolation at the physical level too.
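Whether a vDC is also isolated at the physical level depends on whether any of its Resource Providers is allocated to another vDC. The following is an added example, not OpenNebula code: it models the BLUE/RED/GREEN allocation above as plain data and reports which providers are shared and which vDCs are fully dedicated; the function names and the treatment of "Cloudbursting" as a single provider entry are assumptions.

```python
from collections import defaultdict

# Constructed from the post's example: vDC -> (Group, Resource Providers).
# Assumption: "Cloudbursting" is modelled as one external provider entry.
VDCS = {
    "BLUE": ("Web Development", ["ClusterA@DC_West_Coast", "Cloudbursting"]),
    "RED": ("Human Resources",
            ["ClusterB@DC_West_Coast", "ClusterA@DC_Europe", "Cloudbursting"]),
    "GREEN": ("Big Data Analysis",
              ["ClusterC@DC_West_Coast", "ClusterB@DC_Europe"]),
}


def provider_tenancy(vdcs):
    """Map each Resource Provider to the sorted vDCs that draw on it."""
    tenancy = defaultdict(set)
    for vdc, (_group, providers) in vdcs.items():
        for provider in providers:
            tenancy[provider].add(vdc)
    return {p: sorted(names) for p, names in tenancy.items()}


def shared_providers(vdcs):
    """Providers allocated to more than one vDC (no physical isolation)."""
    return {p: v for p, v in provider_tenancy(vdcs).items() if len(v) > 1}


def physically_isolated(vdcs):
    """vDCs whose providers are all dedicated to that vDC alone."""
    shared = shared_providers(vdcs)
    return sorted(vdc for vdc, (_g, provs) in vdcs.items()
                  if not any(p in shared for p in provs))


def may_deploy(vdcs, group, provider):
    """True only if the Group's vDC includes the requested provider."""
    return any(g == group and provider in provs
               for g, provs in vdcs.values())


if __name__ == "__main__":
    print("shared:", shared_providers(VDCS))
    print("physically isolated:", physically_isolated(VDCS))
    print("HR -> ClusterC@DC_West_Coast:",
          may_deploy(VDCS, "Human Resources", "ClusterC@DC_West_Coast"))
```

In this allocation only GREEN is dedicated end to end; BLUE and RED share the cloudbursting capacity, so workloads that require physical separation belong on their dedicated Clusters.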
The privileges of the vDC users and the administrator over the virtual resources created by other users can be configured. In a typical scenario the vDC administrator can create virtual networks, upload and create images and templates, and monitor other users' virtual resources, while the users can only instantiate virtual machines and virtual networks to create their services. The administrators of the vDC have full control over resources and can also create new users in the vDC.
Users can then access their vDC through any of the existing OpenNebula interfaces, such as the CLI, Sunstone, OCA, or the OCCI and AWS APIs. vDC administrators can manage their vDCs through the CLI or the vDC admin view in Sunstone. Cloud Administrators can manage the vDCs through the CLI or Sunstone.
The Cloud provisioning model based on vDCs enables an integrated, comprehensive framework to dynamically provision the infrastructure resources in large multi-datacenter environments to different customers, business units or groups. This brings several benefits:
- Partitioning of cloud physical resources between Groups of users
- Complete isolation of users, organizations or workloads
- Allocation of Clusters with different levels of security, performance or high availability
- Containers for the execution of software-defined data centers
- Way of hiding physical resources from Group members
- Simple federation, scalability and cloudbursting of private cloud infrastructures beyond a single cloud instance and data center
Want to Try?
The Beta release of OpenNebula 4.6 will be available in a few days. In the meantime you can enjoy this screencast about partitioning clouds with vDCs.
We are looking forward to your feedback!