IPnett Community Cloud Solution
Share on LinkedInShare on FacebookShare on Google+Tweet about this on Twitter

IPnett designed a solution based on OpenStack and Juniper Contrail to participate in the public procurement for NORDUnet’s community cloud. The winning solution contains Open Stack, Contrail SDN Controller, Community Cloud Self-Service portal and Compute, Storage and Networking hardware.

Community Cloud Solution Brief – background

Research institutions and universities are the incubators of new innovations that power economic growth. Studies show that more than half of all US economic growth since WWII comes from university-based research. In Europe, fostering innovation is widely accepted as the key to competitiveness and better quality of life, thus the European Commission is calling on member states to set targets to increase spending in research and innovation to 3% of GDP. To really foster innovations, there needs to be uninhibited collaborations in a community where ideas are shared and new technologies are built. The Nordic region has great capacity to create innovation and is particularly strong in information and communication technology (ICT) and in knowledge creation, and the countries are investing heavily in these areas. Facilitating co-operation across the Nordic countries In each of the Nordic countries, their National Research and Education Network (NREN) serves as a specialized Internet service provider dedicated to supporting the needs of the research and education communities.

NORDUnet is an organization that strives to facilitate co-operation between the Nordic NRENs and international partners by providing networking and infrastructure across all Nordic countries.

Secure storage of all data

Different countries in the Nordic region have slightly different regulations designed to provide guidelines on the storage of data and to meet requirements around the Privacy Actthe Nordic. The NRENs want to build shared Infrastructure-as-a-Service, Storageas- a-Service and Backup-as-a-Service offerings for the entire Nordic research and education community while guaranteeing that the research-related data originated in a specific country stays within the respective sovereign border. This cloud infrastructure needs to be very open so that file storage and sharing operations are transparent and secure, and can guarantee data sovereignty but sharing of information governed by policies can be facilitated. The community cloud also need to easily support hybrid cloud deployment model to allow each organization to have their own private cloud but share this community pool of resources.

The winning solution by IPnett

IPnett designed a solution based on OpenStack and Juniper Contrail to participate in the public procurement for NORDUnet’s community cloud. The Cloud Computing Platform has the following key components:

OpenStack: OpenStack is the clear winner of open source cloud management platform, and has been increasingly adopted to build cloud. Juniper Contrail OpenStack is used as the initial OpenStack release to perform compute and storage orchestrations. It is also integrated Contrail SDN Controller to perform network virtualization, orchestration and automation. In addition. Contrail OpenStack has been enhanced with Ceph distributed storage management. Ceph comes from another open source community. It is a distributed object store and file system designed to provide excellent performance, reliability and scalability. Contrail OpenStack has also been enhanced with server management and automation functionalities based on Cobbler and Puppet.

Contrail SDN Controller: Contrail is an open-standards based, proactive overlay SDN solution. Contrail SDN Controller works with existing physical network devices and help  address the networking challenges for self-service, automated, and vertically integrated cloud architecture. It improves scalability and CapEx inefficiencies through a proactive overlay virtual network. All of the networking features such as switching, routing, security, and load balancing are moved from the physical hardware infrastructure to software
running in the hypervisor kernel that is managed from a central orchestration system. This allows the system to scale while keeping the costs of the physical switching infrastructure under control, as the switching hardware has no state of the virtual machines or tenant/application and is only involved in routing traffic from one server to another. The Contrail system also solves the agility problem, as it provides all of the automation for provisioning of the virtualized network, networking services, and integration with cloud orchestration systems such as OpenStack and CloudStack using REST APIs. Juniper has made Contrail overlay software commercially available, and also open sourced the technology.

Community Cloud Self-Service portal:
This portal is designed by IPnett based on Openstack and Contrail REST APIs, and provide researchers a simple and intuitive user interface to request compute and storage resources and perform file sharing based on policies.

Compute, Storage and Networking hardware:
This design uses SuperMicro servers to provide compute and storage resources, and Juniper MX and QFX as gateway and switch fabric to provide network resources. The solution is built on non-proprietary systems, and is empowered by technology from partners such as as Juniper Networks, EMC, IBM, Redhat, Supermicro and the OpenStack community ecosystem at large.

High Evaluation Score

For complex solutions a common procurement process under the European public procurement act, is negotiated procedure. This procurement process takes the form of a single public procurement in three steps. The first step is a solution exploration phase, followed by a prototyping phase and finally a final bid phase.

The IPnett solution stood out throughout the NORDUnet procurement tender and especially in the final stage. The evaluation score it received was 75% HIGHER than its sole competing solution that got through to the test and pilot phase.

What made this solution a winning solution?

Self-Service Community Portal

First of all, the solution incorporates production-ready cuttingedge cloud technologies that span all aspects of compute, storage and network orchestration and automation. This enables IPnett to help NORDUnet build a fully-automated selfservice community portal where researchers from different institutions and universities across the Nordic countries can request compute and storage resources and get them momentarily. This solution not only frees scientists and researchers from IT chores and let them focus on their research, but also increase the operational efficiency of the IT department as the IP personnel can spend their valuable time on design, architecture and enhancements of the infrastructure instead of mundane configuration operations.

Open Standards

In addition, this solution is constructed to be very open. Both the Openstack and Contrail components in the solution are open-sourced to stimulate and incorporate latest innovations from the community of developers. This solution gives the users maximum transparency to address their security and privacy concerns. In addition, both OpenStack and Contrail also exposes open REST APIs to make the infrastructure programmable and can be fully automated.

Last but not least, Contrail SDN controller uses open proven standards so that virtual networks and policies can easily extend across multiple data centers and multiple clouds. Open source and open standards help prevent vendor lock-in and cap cost. Equally important is the security and reliability aspects of the solution. Security is not only achieved through open source, but also through roll-based access of OpenStack and network security through Contrail.

OpenStack supports identity management with Keystone module and role-based access control for better authentication and security. Endpoint groups implemented as virtual networks in Contrail are inherently secure and provide strict segregation between virtual and/or physical hosts in different virtual networks. This is done through discreet forwarding tables for different virtual networks at the hypervisor level. Interaction between different virtual networks can be clearly defined through policies and enforced by the policy Engine.