Building a European PaaS | anynines

Building a European Cloud

Mittwoch, 16. Oktober 13

European Cloud?


Hungarian Cloud?


Budapest Cloud?


Your personal Cloud??


The cloud is about sharing.


Spare capacity,
Virtualization,
Share spare capacity
Pay as you go


So why not share globally?


Privacy


Any transfer of personal data
of EU citizen to a non-EU
state with a lower data
privacy level compared to EU
standards is prohibited.
- Directive 95/46/EC


EU Safe Harbor


• is a EU directive
• regulates the processing of personal
data within the European Union


U.S. - EU Safe Harbor


• Self(!)-certiﬁcation process
• = swear to the United States

Department of Commerce to comply to
EU privacy laws


A memo from the
EU commision:


"The Safe Harbour agreement may not
be so safe after all."
European Commission
MEMO/13/710 19/07/2013
http://rh.gd/1hBKIrf


Patriot Act


"Uniting (and) Strengthening America
(by) Providing Appropriate Tools
Required (to) Intercept (and) Obstruct
Terrorism Act of 2001."


• United States federal law
• Signiﬁcantly enhanced and broadened

federal government powers in the realm
of

• Electronic Surveillance
• Anti-money laundering
• Border Security, ...

10 Titles of the Patriot Act


• Title I: Enhancing domestic security against terrorism
• Title II: Surveillance procedures
• Title III: Anti-money-laundering to prevent terrorism
• Title IV: Border security
• Title V: Removing obstacles to investigating terrorism
• Title VI: Victims and families of victims of terrorism
• Title VII: Increased information sharing for critical infrastructure
protection

• Title VIII: Terrorism criminal law
• Title IX: Improved Intelligence
• Title X: Miscellaneous


Patriot Act
beats
Safe Harbor


Where security
meets freedom


The story of
lavabit.com


• Encrypted email service (*2004) by
Ladar Levison

• Used by Edward Snowden
• Ordered to turn over its SSL private key


Levison's was put to the decision:
shutdown or “become complicit in
crimes against the American people”.


Lavabit.com was shut down
on August 8, 2013


"This experience has taught me one
very important lesson: without
congressional action or a strong
judicial precedent, I would strongly
recommend against anyone trusting
their private data to a company with
physical ties to the United States".
- Ladar Levison, Lavabit.com


• It's not about having data on European
servers

• It's not about having a European
company


It‘s about
staying completely off any
US provider and don‘t tie
to the US in person or with
your company.


Relying on
open source software
is a good choice, too.


How to build a
European cloud?


Cloud Building


Cloud,
a term
that has been
overdone


IaaS
PaaS
SaaS


A 2013 proposal for an
open source based
Cloud


Hardware


Infrastructure as a Service (IaaS)
Servers,
Network,
Storage

Hardware


PaaS (PaaS)
VMs,
Network,
Storage

Servers,
Network,
Storage

Hardware


Applications
CF API (deploy,
scale, services, ...)

PaaS (PaaS)
VMs,
Network,
Storage

Servers,
Network,
Storage

Hardware


OpenStack (IaaS)
Servers,
Network,
Storage

Hardware


Cloud Foundry (PaaS)
VMs,
Network,
Storage

OpenStack (IaaS)
Servers,
Network,
Storage

Hardware


Applications
CF API (deploy,
scale, services, ...)

Cloud Foundry (PaaS)
VMs,
Network,
Storage

OpenStack (IaaS)
Servers,
Network,
Storage

Hardware


OpenStack


OpenStack architecture

Key-Stone


Nova


Glance


Cinder


Swift


Neutron


OpenStack provides us
an IaaS ready to deploy
Cloud Foundry.


Cloud Foundry


• CF = large distributed system
• Inner shell vs. outer shell
• Bosh = Bosh outer shell > deploy CF


Simpliﬁed
Cloud Foundry
Architecture


API request

Router
Router

Droplet request

DEA
DEA
DEA
DEA
DEA

Router
Cloud Controller
Droplet change
notiﬁcations
Request droplet
start/stop

Droplet heartbeat &
exit messages

Router
Health Manager
Get desired states
Droplet / Service metadata

Cloud
Controller
Database

Consume a service

Service
Services
Services
(e.g. MySQL)
Services
(e.g. MySQL)
(e.g. MySQL)
(e.g. MySQL)


Cloud Controller
API request

Router
Router

Droplet request

DEA
DEA
DEA
DEA
DEA

Router
Cloud Controller
Droplet change
notiﬁcations
Request droplet
start/stop

• Offers the CF API endpoint
• System authority for issuing
commands

Droplet heartbeat &
exit messages

Router
Health Manager
Get desired states

Cloud
Controller
Database

• Start apps
• Create service
• Binding services

Consume a service

Service
Services
Services
(e.g. MySQL)
Services
(e.g. MySQL)
(e.g. MySQL)
(e.g. MySQL)


DEA
API request

Router
Router

Droplet request

DEA
DEA
DEA
DEA
DEA

Router
Cloud Controller
Droplet change
notiﬁcations
Request droplet
start/stop

Droplet heartbeat &
exit messages

Router
Health Manager
Get desired states

Cloud
Controller
Database

Consume a service

Service
Services
Services
(e.g. MySQL)
Services
(e.g. MySQL)
(e.g. MySQL)
(e.g. MySQL)


• droplet = dea.staging(app_code)
• Staging = executing buildpacks
• Warden
• Starts and runs droplets

Health Manager
API request

Router
Router

Droplet request

DEA
DEA
DEA
DEA
DEA

Router
Cloud Controller
Droplet change
notiﬁcations
Request droplet
start/stop

Droplet heartbeat &
exit messages

• compares desired system state

Router
Health Manager

with actual system state

Get desired states

Cloud
Controller
Database

Consume a service

Service
Services
Services
(e.g. MySQL)
Services
(e.g. MySQL)
(e.g. MySQL)
(e.g. MySQL)


• sends advice to CC
• CC acts

Router
API request

Router
Router

Droplet request

DEA
DEA
DEA
DEA
DEA

Router
Cloud Controller
Droplet change
notiﬁcations
Request droplet
start/stop

Droplet heartbeat &
exit messages

Get desired states
Consume a service

Service
Services
Services
(e.g. MySQL)
Services
(e.g. MySQL)
(e.g. MySQL)
(e.g. MySQL)


app instances are

• routes incoming requests to

Router
Health Manager

Cloud
Controller
Database

• knows on which DEAs your
the right DEAs

Services
API request

Router
Router

Droplet request

DEA
DEA
DEA
DEA
DEA

Router
Cloud Controller
Droplet change
notiﬁcations
Request droplet
start/stop

Droplet heartbeat &
exit messages

Router
Health Manager
Get desired states

Cloud
Controller
Database

Consume a service

Service
Services
Services
(e.g. MySQL)
Services
(e.g. MySQL)
(e.g. MySQL)
(e.g. MySQL)


• Create service = provision
• Bind = create credentials
• Apps bind to services
• Credentials as ENV variables

What you get?


Questions?


Thank you!


Code
require "fileutils"
require "find"
require "fog"
class Blobstore
  def initialize(connection_config, directory_key, cdn=nil, root_dir=nil)
    @root_dir = root_dir
    @connection_config = connection_config
    @directory_key = directory_key
    @cdn = cdn
  end
  def local?
    @connection_config[:provider].downcase == "local"
  end
  def exists?(key)
    !file(key).nil?
  end
  def download_from_blobstore(source_key, destination_path)
    FileUtils.mkdir_p(File.dirname(destination_path))
    File.open(destination_path, "w") do |file|
      (@cdn || files).get(partitioned_key(source_key)) do |*chunk|
        file.write(chunk[0])
      end
    end
  end
  def cp_r_to_blobstore(source_dir)
    Find.find(source_dir).each do |path|
      next unless File.file?(path)
      sha1 = Digest::SHA1.file(path).hexdigest
      next if exists?(sha1)
      cp_to_blobstore(path, sha1)
    end
  end
  def cp_to_blobstore(source_path, destination_key)
    File.open(source_path) do |file|


Building a European PaaS | anynines

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (10)

Similaire à Building a European PaaS | anynines

Similaire à Building a European PaaS | anynines (20)

Plus de anynines GmbH

Plus de anynines GmbH (18)

Dernier

Dernier (20)

Building a European PaaS | anynines