![Page 1: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/1.jpg)
Cloud Based VDI with OpenStack
1
精雲科技股份有限公司
August 11, 2012
![Page 2: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/2.jpg)
Agenda
2
![Page 3: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/3.jpg)
Virtual Desktop Infrastructure (VDI)
3
![Page 4: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/4.jpg)
Use Case 1 – Launch a VM
4
![Page 5: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/5.jpg)
Nova
A compute cloud for virtual desktop Using essex –2, Dec 16, 2011 Will merge to folsom release
5
![Page 6: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/6.jpg)
Modification to Nova
Extended nova API
• Manage SPICE
• Manage images
• Single sign on SPICE port management
• iptables filter for SPICE port
• Report IP and SPICE port of a VM
6
![Page 7: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/7.jpg)
Modification to Nova - continue
Differential snapshot
• Launch VM with a base image and chains of differential snapshot images
• Merge differential snapshots
• Encryption and decryption of snapshot images
7
![Page 8: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/8.jpg)
Tuning and Testing
libvirt parameters for desktop
• virtio PCI, block, ring, serial (SPICE), balloon, network,
• ide, qxl, usb Image run time location
• Local versus shared nova network
• One per nova API
• One per nova compute node VM’s per server User experience benchmarking
8
![Page 9: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/9.jpg)
Glance
A virtual desktop image repository Using essex-4, March 1, 2012 No modification Will upgrade to folsom release
9
![Page 10: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/10.jpg)
Quantum
Evaluating and testing Will use folsom release
10
![Page 11: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/11.jpg)
Use Case 2 – User Login
11
![Page 12: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/12.jpg)
Keystone
An authentication system for cloud storage, as well as virtual desktop session
Using essex-3, January 26, 2012 Merging to folsom-2
12
![Page 13: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/13.jpg)
Keystone – essex-3
13
![Page 14: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/14.jpg)
Modification to Keystone
Microsoft Active Directory (AD) backend Support domain, organizational unit Will support security and distribution groups Will merge with Keystone AD backend
• https://blueprints.launchpad.net/keystone/+spec/ad-ldap-identity-backend
14
![Page 15: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/15.jpg)
Use Case 3 – Check Policy
15
![Page 16: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/16.jpg)
Policy Outside of Keystone
Role based access control (RBAC) Keystone roles
• super admin, cloud admin, operation admin, client user
Users of each role has permission to perform certain actions
Example VDI rule for client user
• Publish golden image Example Cloud Storage rule for client user
• Get own storage usage
16
![Page 17: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/17.jpg)
Policy Outside of Keystone - continued Will merge with Keystone V3 API and RBAC
• https://blueprints.launchpad.net/keystone/+spec/implement-v3-core-api
• https://blueprints.launchpad.net/keystone/+spec/rbac-keystone-api
• https://blueprints.launchpad.net/keystone/+spec/rbac-keystone
17
![Page 18: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/18.jpg)
Swift
Unstructured storage, as well as an object storage for virtual desktop images
Using 1.4.9, April 2, 2012 Merging to folsom-2
18
![Page 19: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/19.jpg)
Swift
19
![Page 20: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/20.jpg)
Modification to Swift
Support upload > 5GB Extended API for storage quota
• Enforce storage quota per user, organization unit (OU), domain
• Report storage and bandwidth usage Metadata search Will merge with Swift blueprints
• https://blueprints.launchpad.net/swift/+spec/large-single-uploads
• https://blueprints.launchpad.net/swift/+spec/storage-quotas
20
![Page 21: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/21.jpg)
Use Case 4 – Update Ring Files
21
![Page 22: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/22.jpg)
Ring Server outside of Swift
Build new rings Updated rings after add/delete storage nodes or
disks Automatically push updated ring files to all proxy
servers and storage nodes Will merge with Swift blueprint
• https://blueprints.launchpad.net/swift/+spec/ring-builder-server
22
![Page 23: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/23.jpg)
Use Case 5 – Disaster Recovery
23
![Page 24: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/24.jpg)
Tuning and Testing
In main cloud storage
• Audit objects for integrity, but not impact regular traffic
• Timely container sync, but not impact regular traffic In backup cloud storage
• Rapid container sync for fast recovery
24
![Page 25: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/25.jpg)
Use Case 6 – Content Delivery Network
25
![Page 26: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/26.jpg)
On Top of Swift
Global file lock Access control Object compression and decompression for transfer
26
![Page 27: Cloud Based VDI with OpenStack, by Shifen Yang](https://reader036.vdocuments.net/reader036/viewer/2022062617/54b823c34a795940358b463a/html5/thumbnails/27.jpg)
Thank You
27