Cloud computing provides users with access to a shared collection of computing resources: networks for transfer, servers for storage, and applications or services for completing tasks.
The compelling features of a cloud are:
· On-demand self-service: Users can automatically provision needed computing capabilities, such as server time and network storage, without requiring human interaction with each service provider.
· Network access: Any computing capabilities are available over the network. Many different devices are allowed access through standardized mechanisms.
· Resource pooling: Multiple users can access clouds that serve other consumers according to demand.
· Elasticity: Provisioning is rapid and scales out or in based on need.
· Metered or measured service: Cloud systems can optimize and control resource use at the level that is appropriate for the service. Services include storage, processing, bandwidth, and active user accounts. Monitoring and reporting of resource usage provides transparency for both the provider and consumer of the utilized service.
Cloud computing offers different service models depending on the capabilities a consumer may require.
· SaaS: Software-as-a-Service. It provides the consumer the ability to use software in a cloud environment, such as web-based email.
· PaaS: Platform-as-a-Service. It provides the consumer the ability to deploy applications through a programming language or tools supported by the cloud platform provider. An example of Platform-as-a-service is an Eclipse/Java programming platform provided with no downloads required.
· IaaS: Infrastructure-as-a-Service. It provides infrastructure such as computer instances, network connections, and storage so that people can run any software or operating system.
Cloud Deployment Models:
· A private cloud operates for a single organization, but can be managed on-premise or off-premise.
· A public cloud has an infrastructure that is available to the general public or a large industry group and is likely owned by a cloud services company.
· A hybrid cloud can be a deployment model, as a composition of both public and private clouds, or a hybrid model for cloud computing may involve both virtual and physical servers.
OpenStack
The OpenStack project is an open source cloud computing platform that supports all types of cloud environments. The OpenStack project aims for simple implementation, massive scalability, and a rich set of features. Cloud computing experts from around the world contribute to the project.
OpenStack provides an Infrastructure-as-a-Service (IaaS) solution through a variety of complementary services. Each service offers an application programming interface (API) that facilitates this integration.
OpenStack Services
OpenStack Identity concepts
The OpenStack Identity Service (Keystone) performs the following functions:
• Tracking users and their permissions.
• Providing a catalog of available services with their API endpoints.
When installing the OpenStack Identity service, you must register each service in your OpenStack installation. The Identity service can then track which OpenStack services are installed, and where they are located on the network.
To understand OpenStack Identity, you must understand the following concepts:
User: Digital representation of a person, system, or service who uses OpenStack cloud services. The Identity service validates that incoming requests are made by the user who claims to be making the call.
Users have a login and may be assigned tokens to access resources. Users can be directly assigned to a particular tenant and behave as if they are contained in that tenant.
Credentials: Data that confirms the user's identity. For example: user name and password, user name and API key, or an authentication token provided by the Identity Service.
Authentication: The process of confirming the identity of a user. OpenStack Identity confirms an incoming request by validating a set of credentials supplied by the user. These credentials are initially a user name and password, or a user name and API key. When user credentials are validated, OpenStack Identity issues an authentication token which the user provides in subsequent requests.
Token: An alpha-numeric string of text used to access OpenStack APIs and resources. A token may be revoked at any time and is valid for a finite duration.
While OpenStack Identity supports token-based authentication in this release, the intention is to support additional protocols in the future. Its main purpose is to be an integration service, and it does not aspire to be a full-fledged identity store and management solution.
Tenant: A container used to group or isolate resources. Tenants also group or isolate identity objects. Depending on the service operator, a tenant may map to a customer, account, organization, or project.
Service: An OpenStack service, such as Compute (nova), Object Storage (swift), or Image Service (glance). It provides one or more endpoints through which users can access resources and perform operations.
Endpoint: A network-accessible address where you access a service, usually a URL address. If you are using an extension for templates, an endpoint template can be created, which represents the templates of all the consumable services that are available across the regions.
Role: A personality with a defined set of user rights and privileges to perform a specific set of operations. In the Identity service, a token that is issued to a user includes the list of roles. Services that are being called by that user determine how they interpret the set of roles a user has and to which operations or resources each role grants access.
Keystone Client: A command line interface for the OpenStack Identity API. For example, users can run the keystone service-create and keystone endpoint-create commands to register services in their OpenStack installations.
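The concepts above fit together as follows. This is an added example, not code from the original post or from Keystone: a simplified in-memory model in which credentials are validated, a tenant-scoped token with a finite lifetime is issued, and the called service decides what a role permits. The names ToyIdentity and service_allows and the role names used with them are assumptions, and roles are kept server-side against the token rather than carried in it.

```python
import hashlib, hmac, secrets, time

class ToyIdentity:
    """Simplified in-memory model of the Identity concepts (not Keystone code)."""

    def __init__(self, token_ttl=3600, clock=time.time):
        self.ttl, self.clock = token_ttl, clock
        self.users = {}    # user name -> (salt, password hash)
        self.grants = {}   # (user name, tenant) -> set of role names
        self.tokens = {}   # token -> {"user", "tenant", "roles", "expires"}

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, self._hash(password, salt))

    def grant(self, name, tenant, role):
        self.grants.setdefault((name, tenant), set()).add(role)

    def authenticate(self, name, password, tenant):
        """Validate credentials, then issue a token scoped to one tenant."""
        # Unknown users get a dummy record so the hash is still computed.
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        roles = self.grants.get((name, tenant))
        if not ok or not roles:
            return None
        token = secrets.token_hex(16)
        self.tokens[token] = {"user": name, "tenant": tenant,
                              "roles": frozenset(roles),
                              "expires": self.clock() + self.ttl}
        return token

    def validate(self, token):
        """Return the token's context, or None if unknown, revoked or expired."""
        ctx = self.tokens.get(token)
        if ctx is None or self.clock() >= ctx["expires"]:
            self.tokens.pop(token, None)
            return None
        return ctx

    def revoke(self, token):
        self.tokens.pop(token, None)

def service_allows(identity, token, tenant, required_role):
    """The called service's check: valid token, same tenant, required role."""
    ctx = identity.validate(token)
    return bool(ctx) and ctx["tenant"] == tenant and required_role in ctx["roles"]
```

Passing a fake clock to ToyIdentity lets you step past the token lifetime and confirm that an expired or revoked token is rejected by every service check.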
Projects or Tenants?
In OpenStack, a group of users is referred to as a project or tenant. These terms are interchangeable.
The OpenStack Compute service (nova) uses the term “project” to refer to a group of users, whereas keystone uses the term “tenant”.
Managing Projects
Adding Projects
Users must be associated with at least one project, though they may belong to many. Therefore, you should add at least one project before adding users.
To create a project through the OpenStack dashboard:
· Log in as an administrative user.
· Select the Admin tab in the left navigation bar.
· Under Identity Panel, click Projects.
· Click the Create Project button.
You are prompted for a project name and an optional, but recommended, description. Select the checkbox at the bottom of the form to enable this project. By default, it is enabled.
It is also possible to add project members and adjust the project quotas. Quotas are operational limits. For example, the number of gigabytes allowed per tenant can be controlled to ensure that a single tenant cannot consume all of the disk space. Quotas are currently enforced at the tenant (or project) level, rather than the user level.
To add a project through the command line, you must use the keystone utility, which uses tenant in place of project:
# keystone tenant-create --name=demo
This command creates a project named "demo."
Ex: # keystone tenant-create --name=demo --description "My Demo Project" --enabled false
You can add a description string by appending --description tenant-description, and you can also create a project in a disabled state by appending --enabled false to the command. By default, projects are created in an enabled state.