How to build a private IaaS cloud platform? - Part III, Operating System
By Karoly Vegh-Oracle on Feb 05, 2013
This is Part III of the series "How to build a private IaaS cloud platform?", elaborating about the platform requirements to face when building a multipurpose Infrastructure as a Service platform.
In this post we are looking into the requirements the chosen OS has to fulfill.
See the Main Summary Post with links to the other sections (requirements analysis for CPU/Server features, shared storage, virtualization, etc) here.
Part III: Operating System
- Application Separation: Every customer wants to have their applications in separated, self-contained environments, but noone wants to have separate VM for each and every of their applications, fragmenting their resources. To fulfill this balancing act, the OS running in the VM shall provide a facility to logically segregate the environments for different applications.
- Safe Updates: Updating the OS in the VMs has to happen in a fast, reliable fashion, with minimal downtime and the option to rollback.
- Security Hardening: In a shared Cloud environment customers will be extremely security-aware to protect their data and services. The hardening of the OS installation shall happen with minimum effort to the highest sensible levels.
- HA Platform: The OS must support a HighAvailability framework enabling customers to failover/scale services among many VMs. This allows customers to do maintenance on one node while the other one is servicing requests, and respectively keep the services running in case of an outage.
- Integration with HardWare and HyperVisor: The Operating System must be aware of the HW and HV it is running on, closely cooperating with both in case of resource reconfiguration, maintenance, migration of VMs.
- License costs: You know the drill. The lower the stacking costs the happier your procurement will be.
And again, we got this far. We have some important requirements to fulfill. Allow me to introduce Solaris 11, in case you were not familiar with it yet - and also, allow me to show you how they fulfill these requirements.
How Oracle Solaris 11 fulfills these requirements is:
- Application separation: Solaris comes with the built-in virtualization technology, Solaris Zones. Zones are an overhead-free userspace OS-virtualization, separating application environments with dedicated userspace, dynamic resource management, dedicated users, separate software packages, their own network configuration, while avoiding the virtualization trap: there's no performance loss, for they are userspace containers.
With Solaris virtualization you can effectively overcommit the servers' CPU resources, consolidating more than usual, achieving a higher server utilization. The higher the servers are utilized, the most companies can get for their investment in servers.
- Safe Updates: Solaris comes with the BootEnvironments feature, that allows cloning the complete, running OS installation to create bootable fallback images before changes. This feature is completely integrated with Solaris 11's package system too - if one updates the operating system with a simple "pkg update" command, the packaging system creates a clone of the OS setup, and upgrades the packages on the clone instance, without changing anything on the running, live instance. The administrator can then decide when to boot and test the new image. (And of course can fall back to the original one, or any other, previously created one.)
Bootenvironments make remote Solaris 11 administration extremely safe.
- Security Hardening: Solaris 11 is hardened already in the initial installation state. Just a minimum set of packages is installed, negligible services are disabled. Role Based Access Control (RBAC) is extended and encouraged to use, packages are all cryptographically signed, the cryptoframework is ready to encrypt data.
Security hardening is essential in a shared cloud environment.
- HA Platform: For Solaris there is a complete HighAvailability Framework, Solaris Cluster, that is a multipurpose cluster framework, binding different Solaris installations into a cluster, failing over services from one clusternode to another one in case one Server/VM would fail, ensuring application availability. It comes with several built-in clusteragents for Oracle DB, MySQL, Zones, Java application servers, Webservers, etc.
Solaris cluster keeps your services running even if a single server would fail.
- License costs: The cost of running Solaris on Oracle Servers has been reduced to zero. All you need is a support contract for the HW to get the latest and greatest updates, fixes.
Do you still pay for OS licenses? Why?
Solaris 11 fulfills the most common IaaS platform requirements for operating systems, with default security hardening, application separation with OS virtualization, a multipurpose Clusterframework, zero license costs, safe updates and tight integration with the Oracle servers.