Deploying Red Hat Enterprise Linux OpenStack Platform
Defining the Cloud & OpenStack
IaaS, Private Cloud, & Compute
This course covers the Red Hat OpenStack Platform, a flexible infrastructure project that allows you to virtualize your cloud resources and use them when you need them. The course kicks off with an introduction to the basics of cloud computing, before defining the Red Hat OpenStack Platform and explaining how it can be used in conjunction with compute, storage and network functions. The course also explains the ways in which OpenStack is highly available and finally, it talks about deployment of the platform. Demonstrations and use cases throughout the course allow you to see how the Red Hat OpenStack Platform can be used in real-world situations.
- Learn the basics of cloud
- Understand what Red Hat OpenStack Platform is
- Learn how Red Hat OpenStack works with compute, storage and network resources.
- Learn how to deploy the Red Hat Enterprise Linux OpenStack Platform
- IT leaders, administrators, engineers, and architects
- Individuals wanting to understand the features and capabilities of Red Hat OpenStack Platform
There are no prerequisites for this course.
So, we're looking to wrap up these videos, talking a little bit about some of the things you need to think about when you want to deploy Red Hat Enterprise Linux OpenStack Platform. So, in this video, we're going to take a look at some of those elements that our cloud consulting practitioners have come across.
So, to start off with, what we want to do is explain the relationship between OpenStack and Red Hat Enterprise Linux OpenStack Platform. What you'll notice here in the slide is that there is this additional element sitting in the middle. RDO represents a freely available community-supported distribution of OpenStack that runs on Red Hat Enterprise Linux, CentOS, Fedora, and their various derivatives.
Now, the interesting part here is that RDO follows the same, we'll call it bleeding edge, upstream OpenStack release cadence. While it will run on Enterprise Linux distros, there are no certifications. It's only community support and it has a six-month life cycle. The stuff you're putting in your data center probably needs something a little longer than that, and so that's where Red Hat Enterprise Linux OpenStack Platform comes in. This is the one that will offer you support, stable and tested packages, but also provides a set of comprehensive trainings and certifications for your data center.
Now, the release cadence that we're looking at these, OpenStack project develops the code, it does not handle packaging for any specific platforms. Now, as a distribution of
OpenStack, RDO will package that upstream OpenStack component to run well together with the Red Hat derived distributions. And it provides companies with installation tools to make it easier to deploy OpenStack. RDO is not a fork but it's a community focused on packing and integrating code from the upstream project on the Red Hat derived distros.
Red Hat continues to participate in the development of the core OpenStack projects upstream and all relevant patches and bug reports are routed directly to the OpenStack community code base.
Now, the Red Hat Enterprise Linux OpenStack Platform provides extensive support, security and bug fixes but also consulting support and training. While RDO can be used for testing environments, it should not be used for production environments.
So, how do I go about getting support for OpenStack? Well, OpenStack relies on many projects of the open source ecosystem. For example, the hypervisors run on Red Hat Enterprise Linux with KVM and libvert. The project itself is written in Python and depends on various libraries such as cryptographic modules. Using a set of approved and tested components greatly reduces production risk such as security issues, outdated or incompatible packages.
When deploying OpenStack, administrators must take into account various criteria such as managing the operating system upgrades, deploying security patches, rolling back the deployment of a package, insuring compatibility between all the services.
Now, deploying a supported version of OpenStack guarantees availability, stability, and security. But one of the keys, as shown in this slide, is the increasing number of core services in OpenStack makes it a little trickier to manage every single service and ensure there will be no conflicts between them.
Here, we can see the traditional services that are integrated, the Nova, Glance and Keystone for basic compute infrastructure, Cinder and Swift, extending our infrastructure, coupled with Neutron for networking. But notice here, there's a couple of new ones: Designate and Ironic.
Designate, providing DNS as a service; Ironic, supporting bare-metal provisioning. Yes, it's ironic that a cloud computing solution is focusing on bare-metal. Ceilometer and Horizon are some optional enhancements that we've integrated today; Barbican gives some key management elements.
So, let's consider the following use cases. Let's say a vulnerability has been discovered in Neutron that gives tenants the permission to access the private network of other tenants. While a patch has been released, it requires an upgrade of the Neutron DHCP agent. Such upgrade prevents the Neutron server from starting since it removed a library it was depending on. Or let's say a 0-day vulnerability has been made public. It affects a Python cryptographic module. While patching the module would be the safest option, this patch will revoke all existing tenant passwords. So, something like this is happening, what's the best action that you and I can take?
Well again, the upstream rate of change increases the difficulty in supporting, managing and understanding how services interact with each other. Deploying a supportive version and subscribing support allows companies to deal with such use cases and greatly reduce the number of incidences. RHEL-OSP offers the innovation of the OpenStack community project while also providing the security, stability and enterprise readiness of a platform built on Red Hat Enterprise Linux.
Here you can see our Support Matrix. We have to date four releases of the RHEL-OSP environment starting with Version 3, which is made generally available in July of 2013. Now, that first release, we were providing a year of support. When Version 4 came out, we stated that we would extend that support to a year and a half. Version 5 and we are now up to three years of support. Now, what's also interesting with this chart is how we have a broken up Phase 1 and Phase 2 of support.
Again, in both phases, you get technical support, you get security errata, you get bug fixes. In Phase 1 though, exclusively to Phase 1, this is where you might see us possibly backporting new features from later versions into this earlier version, though we're trying not to do that too often. But in Phase 1, it's also when we will get the new partner editions and certifications. We hope as time goes on that we will be able to extend this support matrix to be even further out.
Now, what are some key dimensions to support? A little while ago, three members of our cloud management strategy group, Alessandro Perilli, Eric Morrissey and Massimo Ferrari wrote an article focusing on what were the six key dimensions in looking to evaluate whether or not you are going to be able to receive enterprise-grade support. Well, let's face it. While Red Hat Enterprise Linux OpenStack platform is its own entity, it cannot be divorced from the underlying Linux operating system. As OpenStack needs a number of facilities and libraries provided by that core OS, there really is no way to decouple the two.
So, to provide enterprise-grade support, any vendor offering a commercial addition must package it with an OS that is proven from a reliability and security standpoint as well as deeply understood because we need to get those issues fixed in case things go wrong. And let's face it, things will always go wrong at some point.
In fact, those strategy folks identified that in more than one deal that they've been involved in, Red Hat has been called in to replace an existing OpenStack vendor due to our deep experience and expertise in both the underlying OS and OpenStack itself. In most cases, we have been asked to first support the existing implementation and then help the client migrate to our own OpenStack distribution.
But a second key is security response. Like every other piece of software, OpenStack is prone to security vulnerabilities. It's a fact of nature with software. The problem is that like any other cloud engine, OpenStack is a mission-critical piece of software on which many lines of your business may depend when their apps run in the cloud. So, again, any vendor offering a commercial addition of OpenStack must be capable of addressing security issues as they arise, as fast as possible and in the most possible competent way.
More often than you can imagine, Red Hat has been selected in deals because of the vast skills of our Global Security Response team and their track record of fixing 97% of security issues within 24 hours. It's definitely one of the groups we are incredibly proud of.
But another key we're looking for is certification and compliance. To trust any solution on the market to run mission-critical systems, your enterprises need certification and compliance in a wide number of areas; whether it be software and hardware integration, whether it be security, whether it be government regulation. Actually, in specific environments peace of mind is not really even the biggest issue; a lot of organizations simply cannot operate without regulatory compliance.
We have more than 270 certified OpenStack partners. We have the industry's largest certified ecosystem in support of commercial OpenStack deployments. This gives you the freedom of choice and peace of mind that is necessary to build and operate an actual hybrid cloud. In fact, did you know that we have over 25 Microsoft SVVP certifications to support various Windows operating systems?
But you also want to be looking for vertical consulting. Like any software solution, enterprises need to adapt OpenStack to their ever-evolving business needs and integrate it with the remarkably heterogeneous IT systems.
To provide enterprise-grade support, any vendor offering a commercial edition must support its deployment, integration and customization with a global consulting arm that is vertically skilled on the product and its complexities. This awareness is what has led Red Hat to some key strategic investments like the acquisition of eNovance bringing more than 100 OpenStack engineers to the Red Hat Consulting organization. The establishment of a cloud innovation practice to help transfer the new skillsets required to govern a cloud environment without taking its ownership in a typical managed services fashion. And, of course, a creation of a comprehensive hands-on OpenStack training.
Another key would be code indemnification. Like any other open source project, OpenStack contributions come from a vibrant and highly skilled community of individuals and vendors. Despite the deep expertise, contributors are humans and can unintentionally violate intellectual property rights in their open source code. Commercial support needs to protect its customers from legal repercussion in case of intellectual property right infringements.
We're proud to be one of the few open source vendors to offer code indemnification as an additional support mechanism for our enterprise customers. Our commitment doesn't just imply taking care of the legal implications but it extends to quickly providing a technical replacement for the disputed code.
And lastly, extended cloud management. You may recall in one of the earlier videos that we, while very proud of OpenStack as a powerful and flexible infrastructure as a service engine, it's not enough to just build an enterprise-grade cloud. You need governance capabilities, policy enforcement, capacity management, configuration management. And so to provide that level of support, can we build a true open hybrid cloud? And that's where CloudForms make a huge difference to our customers. CloudForms, which allows us to be able to manage not only OpenStack but also RHEV, other virtualization vendors and many of the public clouds.
Red Hat Services is designed to provide you with the help that you need. And so three arms of services. Support will provide you with things like the customer portal, where not only can you get access to the code but you also gain access to articles, solutions and up-to-date documentation for all the supported products. It is through that portal that you will see the security advisories and the bug advisories that are available to you.
Red Hat Consulting has implemented various innovation paths; how do we put together solutions for our customers? And they are widely experienced in cloud, application and infrastructure services and can even provide you with platform and application migrations.
And then there's also the part of Red Hat Services that I come from, Training. We have a world-class certification program to turn you into a Certified OpenStack System Administrator. We have comprehensive curriculum paths that can start you from the beginning of understanding to becoming an architect of the solutions that your companies need. We even give you a choice in delivery modalities where you can be coming to an instructor-led training class, where you are sitting down with your peers and with a highly qualified instructor guiding you in your learning.
Or if taking time to go to a classroom doesn't work, or you can't travel, we can provide that same instructor experience in a virtual training environment, where your peers may be located throughout the country or perhaps throughout the world, taking that class with you in an online delivery environment.
For those of you that prefer more of a self-paced environment, we have an online learning environment known as ROLE, where you can go in and work through the materials at your own pace. And most recently, we have introduced a new Red Hat Learning Subscription, a way for you in a 12-month period to gain access to a huge catalog of curriculum, to make you as strong a technical expert as possible in using the Red Hat services and products.
In fact, a logical next step from these videos would be for you to go and look at CL210, Red Hat OpenStack Administration 1, where you can continue your journey in learning OpenStack and getting ready to become that RHCSA in OpenStack and I hope to see you there soon.
Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, GCP, Azure), Security, Kubernetes, and Machine Learning.
Jeremy holds professional certifications for AWS, GCP, and Kubernetes.