Red Hat CloudForms
Architectural Overview
Steve Reichard, RHCE
Principal Software Engineer
Vinn Valde!, RHCA
Principal Software Engineer
Version "#$
%a &$""
1801 Varsity Drive™
Raleigh NC 27606-2072 USA
Phone !1 "1" 7#$ %700
Phone 888 7%% $281
&a' !1 "1" 7#$ %701
P( )o' 1%#88
Resear*h +riangle Par, NC 2770" USA
UN-. is a registere/ tra/e0ar, o1 +he (2en 3ro425
-ntel an/ .eon are registere/ tra/e0ar,s o1 -ntel Cor2oration or its s46si/iaries in the Unite/ States
an/ other *o4ntries5
All other tra/e0ar,s re1eren*e/ herein are the 2ro2erty o1 their res2e*tive o7ners5
8 2011 6y Re/ 9at: -n*5 +his 0aterial 0ay 6e /istri64te/ only s46;e*t to the ter0s an/ *on/itions set
1orth in the (2en P46li*ation <i*ense: V150 or later =the latest version is 2resently availa6le at
htt2>>7775o2en*ontent5org>o2en246>?5
+he in1or0ation *ontaine/ herein is s46;e*t to *hange 7itho4t noti*e5 Re/ 9at: -n*5 shall not 6e lia6le
1or te*hni*al or e/itorial errors or o0issions *ontaine/ herein5
Distri64tion o1 0o/i1ie/ versions o1 this /o*40ent is 2rohi6ite/ 7itho4t the e'2li*it 2er0ission o1 Re/
9at -n*5
Distri64tion o1 this 7or, or /erivative o1 this 7or, in any stan/ar/ =2a2er? 6oo, 1or0 1or *o00er*ial
24r2oses is 2rohi6ite/ 4nless 2rior 2er0ission is o6taine/ 1ro0 Re/ 9at -n*5
+he 3P3 1inger2rint o1 the se*4rity@re/hat5*o0 ,ey is
CA 20 86 86 2) D6 "D &C 6# &6 AC C$ 21 "1 80 CD D) $2 A6 0A
Sen/ 1ee/6a*, to 4s at re1ar*h-1ee/6a*,@re/hat5*o0
refarch'feed(ac)*redhat#com " www#redhat#com
Table of Contents
1 A'e*4tive S400ary5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555%
2 Re/ 9at Clo4/ Strategy5555555555555555555555555555555555555555555555555555555555555555555555555555555555555$
251 Clo4/&or0s Clo4/ Angine5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555556
252 Clo4/&or0s A22li*ation Angine55555555555555555555555555555555555555555555555555555555555555555555555555555555555555556
25% Clo4/&or0s Syste0 Angine5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555557
25$ Clo4/&or0s Clo4/ Servi*es55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555557
% Re/ 9at Clo4/ Sol4tion Ar*hite*t4re555555555555555555555555555555555555555555555555555555555555555558
%51 +he Clo4/ as vie7e/ 6y N-S+55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555558
%52 Re/ 9at Clo4/&or0s an/ the N-S+ 0o/el5555555555555555555555555555555555555555555555555555555555555555555551$
%5% 9igh <evel &4n*tional Areas55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555551"
$ Re/ 9at Clo4/&or0s Co02onents55555555555555555555555555555555555555555555555555555555555555555527
$51 Clo4/ -nter1a*e555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555528
$52 Content Provision Banage0ent55555555555555555555555555555555555555555555555555555555555555555555555555555555555555%1
$5% A22li*ation Des*ri2tion 3eneration555555555555555555555555555555555555555555555555555555555555555555555555555555555%2
$5$ -0age <i1e*y*le Banage0ent55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555%$
$5# A22li*ation <i1e*y*le Banage0ent5555555555555555555555555555555555555555555555555555555555555555555555555555555555%"
$56 Clo4/ Servi*es5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555$1
# 9igh <evel Ar*hite*t4ral A'a02le55555555555555555555555555555555555555555555555555555555555555555555$8
#51 (vervie755555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555$"
#52 De1ining A22li*ation De2loy0ent555555555555555555555555555555555555555555555555555555555555555555555555555555555555#1
6 Detaile/ Ar*hite*t4ral Cor,1lo7s555555555555555555555555555555555555555555555555555555555555555555555#$
651 &4n*tionality Ba22ing55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555##
652 Ass402tions55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555#6
65% De1ine555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555#7
65$ De2loy5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555561
65# Banage555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555566
7 Ar*hite*t4ral (2erational &le'i6ility5555555555555555555555555555555555555555555555555555555555555555556"
751 Se*4rity: B4lti-tenan*y: Servi*e Pro'y55555555555555555555555555555555555555555555555555555555555555555555555555556"
752 Alternative De2loy0ents55555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555556"
8 Con*l4sion555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555570
A22en/i' A Contri64tors555555555555555555555555555555555555555555555555555555555555555555555555555555555555572
A22en/i' ) Re1eren*es555555555555555555555555555555555555555555555555555555555555555555555555555555555555557%
www#redhat#com & refarch'feed(ac)*redhat#com
" E+ecutive Summar
Clo4/ *o024ting is D4i*,ly 6e*o0ing the 2lat1or0 o1 *hoi*e 1or 4sers an/ 64sinesses that
7ant to re/4*e o2erating e'2enses an/ 6e a6le to s*ale reso4r*es ra2i/ly5 Aase/ a4to0ation:
1le'i6ility: 0o6ility: resilien*y: an/ re/4n/an*y are several other a/vantages o1 0oving
reso4r*es to the *lo4/5
Aven tho4gh *lo4/ *o024ting is in the early stages: there are /i11erent ty2es o1 *lo4/ sol4tions
availa6le to 64sinesses to/ay5 (n-2re0ise 2rivate *lo4/s allo7 64sinesses to ta,e a/vantage
o1 *lo4/ te*hnologies 7hile re0aining on a 2rivate net7or,5 P46li* *lo4/s allo7 64sinesses to
0a,e reso4r*es availa6le to e'ternal *ons40ers5 9y6ri/ *lo4/s allo7 the 6est o1 6oth 246li*
an/ 2rivate *lo4/ *o024ting 0o/els5
-n this 2a2er the *on*e2ts that *o02rise an -n1rastr4*t4re as a Servi*e =-aaS? Clo4/ are
/is*4sse/ 1irst at a high-level *on*e2t4al vie7: then 6ro,en /o7n into a*t4al 2ro/4*ts: an
e'a02le a22li*ation /e2loye/ an/ ea*h ste2 o1 this 4se *ase 6ro,en /o7n5 +he rea/er
*on*l4/es 7ith *o02lete ,no7le/ge o1 a Re/ 9at Clo4/&or0s: ho7 to /e2loy a22li*ations:
an/ ho7 Re/ 9at is 4niD4ely 2ositione/ to 6e the a4thoritative inter1a*e o1 all Private: 9y6ri/:
Co004nity: an/ P46li* Clo4/s5
refarch'feed(ac)*redhat#com , www#redhat#com
& Red Hat Cloud Strateg
Re/ 9atEs *lo4/ vision is 4nli,e that o1 any other -+ ven/or5 Ce re*ogniFe that yo4r -+
in1rastr4*t4re is - an/ 7ill *ontin4e to 6e - *o02ose/ o1 2ie*es 1ro0 0any /i11erent har/7are
an/ so1t7are ven/ors5 Ce let yo4 4se an/ 0anage these /iverse assets as one *lo4/:
ena6ling *lo4/ to 6e an evol4tion: not a revol4tion or a 0onolithi* sta*, lo*,e/ to the
te*hnology roa/0a2 an/ 64siness 2ra*ti*es o1 a single ven/or5
Chen yo4 *hoose Re/ 9at 1or yo4r *lo4/: yo4 get
• +he 0ost *o02rehensive sol4tions 1or *lo4/s - 6oth 2rivate an/ 246li*5
• Consistent enter2rise-*lass environ0ents that 6ri/ge the 2hysi*al an/ virt4al 7orl/:
insi/e the /ata *enter an/ 246li* *lo4/s5
• Strategi* 1le'i6ility 7itho4t lo*,-in5
• )etter in1rastr4*t4re: /esigne/ s2e*i1i*ally 1or 04lti-tenant *lo4/s5
• -n/4stry-lea/ing e*osyste0 that 0a,es *lo4/ 4sa6le: a**essi6le: an/ sa1e5
-n a 0ar,et 14ll o1 hy2e: Re/ 9at 0a,es the *lo4/ real an/ *o02elling5 +o/ay5
-n1rastr4*t4re-as-a-Servi*e =-aaS? is a6o4t /elivering in1rastr4*t4reG7hi*h is to say reso4r*es
li,e *o024te: storage: an/ net7or,ing - to 4sers5 Bany organiFations are getting into *lo4/
*o024ting 6y 64il/ing an on-2re0ise -aaS *lo4/5 +hey 0ay 7ant to ,ee2 the o2tion to 6ri/ge
1ro0 2rivate to 246li* *lo4/s: a5,5a5 hy6ri/ *lo4/s: o2en5 )4t they are o1ten *on*erne/ a6o4t
4sing 246li* *lo4/s 1or i02ortant 64siness a22li*ations: 7hether 6e*a4se o1 s2e*i1i* reg4latory
or a4/it iss4es or ;4st 6e*a4se they are 7ary o1 a//ing a ne7 ele0ent o1 2otential ris, to their
-+ governan*e5
+he -aaS ter0 is 7i/ely 4se/5 Dig /ee2er tho4gh: an/ yo4 1in/ that not all -aaS sol4tions are
*reate/ eD4al5 &or e'a02le: the ty2i*al -aaS 0anages the *lo4/ 64t /oes not 0anage the li1e-
*y*le o1 a22li*ations r4nning in the *lo4/ - even tho4gh the *lo4/ sho4l/ 6e in s422ort o1 the
a22li*ation an/ not the other 7ay aro4n/5
&4rther0ore: this ty2i*al -aaS 0a,es the naive ass402tion that organiFations are loo,ing to
start over 7ith a 6ran/ ne7 in1rastr4*t4re as they 0ove into *lo4/ *o024ting5 Nothing *o4l/ 6e
14rther 1ro0 the tr4th5 (rganiFations 7ant to ;oin the *lo4/ *o024ting revol4tion: 64t they 7ant
to /o it in an evol4tionary 7ay that leverages an/ e'ten/s their e'isting in1rastr4*t4re an/
0aintains 2orta6ility a*ross /i11erent te*hnology sta*,s an/ 2rovi/ers5
Re/ 9at Clo4/&or0s is /i11erent5 <i,e others: it allo7s organiFations to 64il/ an/ 0anage their
o7n -aaS *lo4/ 1or internal *ons402tion5 )4t it /oes 1ar 0ore5 -t integrates 7ith e'isting
2ro/4*ts an/ te*hnologies: in*l4/ing 2hysi*al servers an/ virt4aliFation 2lat1or0s 1ro0 other
ven/ors: to 2rovi/e the easiest on-ra02 to an on-2re0ise *lo4/5 -t 0anages a22li*ations
thro4gho4t their li1e-*y*le rather than ;4st the virt4al 0a*hine *ontainers in 7hi*h they sit5
-n short: Re/ 9at Clo4/&or0s is -n1rastr4*t4re-as-a-Servi*e /one right5
www#redhat#com - refarch'feed(ac)*redhat#com
Previo4sly: Re/ 9at has sho7n that Re/ 9at Clo4/ &o4n/ations 2rovi/e/ the ne*essary
te*hnologies nee/e/ 1or the *lo4/ in1rastr4*t4re5 Clo4/&or0s is the ne't generation o1
te*hnologies 7hi*h 64il/s 42on Re/ 9at Clo4/ &o4n/ations to 2rovi/e a *o02lete -aaS *lo4/
sol4tion5
Clo4/&or0s 2rovi/es the -aaS in1rastr4*t4re thro4gh
• A22li*ation <i1e*y*le Banage0ent
• Co024te Reso4r*e Banage0ent
• -n1rastr4*t4re Servi*es
refarch'feed(ac)*redhat#com . www#redhat#com
Illustration 2-1: Red Hat CloudForms
Clo4/&or0s is /elivering te*hnologies in the 1ollo7ing areas
• Clo4/&or0s Clo4/ Angine
• Clo4/&or0s A22li*ation Angine
• Clo4/&or0s Syste0 Angine
• Clo4/&or0s Clo4/ Servi*es
2.1 CloudForms Cloud Engine
Clo4/&or0s Clo4/ Angine is res2onsi6le 1or all *lo4/ reso4r*e 0anage0ent5 -t ena6les
*reating *lo4/ reso4r*es: 0anaging 2oli*ies an/ 7or,-1lo7s aro4n/ those reso4r*es: an/
governing a**ess an/ 2er0issions 1or the reso4r*es5 H4otas: D4ality-o1-servi*e: an/ se*4rity
2oli*ies are also 4n/er a/0inistrator *ontrol5 An/-4sers *an then 2rovision reso4r*es thro4gh
a sel1-servi*e 7e6 inter1a*e s46;e*t to 2oli*y *onstraints5
+he Clo4/&or0s Clo4/ Angine 2rovi/es 14n*tionality in the 1ollo7ing areas
• Clo4/ -nter1a*e
• A22li*ation <i1e*y*le Banage0ent
2.2 CloudForms Application Engine
+he Clo4/&or0s A22li*ation Angine 2rovi/es te02late-6ase/ 0anage0ent o1 a22li*ations5
(ne or 0ore te02lates *an then 6e aggregate/ or asso*iate/ an/ given the o2erational
2ara0eters an/ *on1ig4rations nee/e/ to 6oot: initialiFe: an/ 2rovi/e the /e1ine/ servi*es5
A22li*ation Angine there1ore e'2li*itly han/les a22li*ations that s2an 04lti2le virt4al 0a*hines:
a *o00on o**4rren*e5
+he Clo4/&or0s A22li*ation Angine 2rovi/es 14n*tionality in the 1ollo7ing areas
• A22li*ation Des*ri2tion 3eneration
• -0age <i1e*y*le Banage0ent
www#redhat#com / refarch'feed(ac)*redhat#com
2.3 CloudForms System Engine
Clo4/&or0s Syste0 Angine o2erationally 0anages r4nning syste0s a*ross 2hysi*al: virt4al:
an/ *lo4/ environ0ents5 -t 2rovi/es *ontin4o4s *o02lian*e o1 *ontent an/ *on1ig4rations =as
7ell as Re/ 9at entitle0ents? *onsistent 7ith the /e1initions 4se/ 6y A22li*ation Angine5 -t
64il/s on to2 o1 A22li*ation AngineIs 14n*tionality 6y 0onitoring an/ 42/ating 7hile syste0s
are r4nning on an ongoing 6asis5 Syste0 Angine also 7or,s in *on*ert 7ith A22li*ation Angine
6y s422lying *ontent that it *an 4se to 64il/ i0ages an/ /e2loy5
+he Clo4/&or0s Syste0 Angine 2rovi/es 14n*tionality in the area o1 Content Provision
Banage0ent5
2.4 CloudForms Cloud Services
Clo4/&or0s Clo4/ Servi*es 2rovi/e the *onsistent 14n*tionality a*ross varie/ *lo4/
environ0ents 1or a 7i/e variety o1 servi*e s4*h as storage: availa6ility: et*55
refarch'feed(ac)*redhat#com 0 www#redhat#com
, Red Hat Cloud Solution Architecture
-n this se*tion the *lo4/ /e1initions as *4rrently /e1ine/ 6y N-S+ are 2rovi/e/: the 0a22ing o1
Re/ 9at Clo4/&or0s to the /e1initions are 2ro2ose/: an/ a high level loo, that the Re/ 9at
Clo4/&or0s Sol4tion Ar*hite*t4re is /es*ri6e/5
3.1 The Cloud as viewed y !"ST
N-S+
1
=National -nstit4te o1 Stan/ar/s an/ +e*hnology? has 2ro/4*e/ several /o*40ents that
s422ly /e1initions an/ 2rovi/e *o00on ter0inology 1or the *lo4/ 2ara/ig0 that are reiterate/
in the re0ain/er o1 this se*tion5
• N-S+ De1inition o1 Clo4/ Co024ting
2
• N-S+ Clo4/ Co024ting Re1eren*e Ar*hite*t4re: v150
%
,#"#" 1efinition of Cloud Computing
Clo4/ *o024ting is a 0o/el 1or ena6ling *onvenient: on-/e0an/ net7or, a**ess to a share/
2ool o1 *on1ig4ra6le *o024ting reso4r*es =e5g5: net7or,s: servers: storage: a22li*ations: an/
servi*es? that *an 6e ra2i/ly 2rovisione/ an/ release/ 7ith 0ini0al 0anage0ent e11ort or
servi*e 2rovi/er intera*tion5 +his *lo4/ 0o/el 2ro0otes availa6ility an/ is *o02ose/ o1 1ive
essential *hara*teristi*s: three servi*e 0o/els: an/ 1o4r /e2loy0ent 0o/els5
,#"#& Essential Characteristics
On'demand self'service2
A *ons40er *an 4nilaterally 2rovision *o024ting *a2a6ilities: s4*h as server ti0e an/
net7or, storage: as nee/e/ a4to0ati*ally 7itho4t reD4iring h40an intera*tion 7ith ea*h
servi*eIs 2rovi/er5 )roa/ net7or, a**ess *a2a6ilities are availa6le over the net7or, an/
a**esse/ thro4gh stan/ar/ 0e*hanis0s that 2ro0ote 4se 6y heterogeneo4s thin or thi*,
*lient 2lat1or0s =e5g5: 0o6ile 2hones: la2to2s: an/ PDAs?5
Resource pooling2
+he 2rovi/erIs *o024ting reso4r*es are 2oole/ to serve 04lti2le *ons40ers 4sing a 04lti-
tenant 0o/el: 7ith /i11erent 2hysi*al an/ virt4al reso4r*es /yna0i*ally assigne/ an/
reassigne/ a**or/ing to *ons40er /e0an/5 +here is a sense o1 lo*ation in/e2en/en*e in
that the *4sto0er generally has no *ontrol or ,no7le/ge over the e'a*t lo*ation o1 the
2rovi/e/ reso4r*es 64t 0ay 6e a6le to s2e*i1y lo*ation at a higher level o1 a6stra*tion =e5g5:
*o4ntry: state: or /ata *enter?5 A'a02les o1 reso4r*es in*l4/e storage: 2ro*essing: 0e0ory:
net7or, 6an/7i/th: an/ virt4al 0a*hines5
www#redhat#com 3 refarch'feed(ac)*redhat#com
Rapid elasticit2
Ca2a6ilities *an 6e ra2i/ly an/ elasti*ally 2rovisione/: in so0e *ases a4to0ati*ally: to
D4i*,ly s*ale o4t an/ ra2i/ly release/ to D4i*,ly s*ale in5 +o the *ons40er: the *a2a6ilities
availa6le 1or 2rovisioning o1ten a22ear to 6e 4nli0ite/ an/ *an 6e 24r*hase/ in any D4antity
at any ti0e5
%easured Service2
Clo4/ syste0s a4to0ati*ally *ontrol an/ o2ti0iFe reso4r*e 4se 6y leveraging a 0etering
*a2a6ility at so0e level o1 a6stra*tion a22ro2riate to the ty2e o1 servi*e =e5g5: storage:
2ro*essing: 6an/7i/th: an/ a*tive 4ser a**o4nts?5 Reso4r*e 4sage *an 6e 0onitore/:
*ontrolle/: an/ re2orte/ 2rovi/ing trans2aren*y 1or 6oth the 2rovi/er an/ *ons40er o1 the
4tiliFe/ servi*e5
,#"#, Service %odels
Cloud 4nfrastructure as a Service 54aaS6
+he *a2a6ility 2rovi/e/ to the *ons40er is to 2rovision 2ro*essing: storage: net7or,s: an/
other 14n/a0ental *o024ting reso4r*es 7here the *ons40er is a6le to /e2loy an/ r4n
ar6itrary so1t7are: 7hi*h *an in*l4/e o2erating syste0s an/ a22li*ations5 +he *ons40er
/oes not 0anage or *ontrol the 4n/erlying *lo4/ in1rastr4*t4re 64t has *ontrol over
o2erating syste0s: storage: /e2loye/ a22li*ations: an/ 2ossi6ly li0ite/ *ontrol o1 sele*t
net7or,ing *o02onents =e5g5: host 1ire7alls?5
Cloud Platform as a Service 5PaaS6
+he *a2a6ility 2rovi/e/ to the *ons40er is to /e2loy onto the *lo4/ in1rastr4*t4re *ons40er-
*reate/ or a*D4ire/ a22li*ations *reate/ 4sing 2rogra00ing lang4ages an/ tools s422orte/
6y the 2rovi/er5 +he *ons40er /oes not 0anage or *ontrol the 4n/erlying *lo4/
in1rastr4*t4re in*l4/ing net7or,: servers: o2erating syste0s: or storage: 64t has *ontrol over
the /e2loye/ a22li*ations an/ 2ossi6ly a22li*ation hosting environ0ent *on1ig4rations5
Cloud Software as a Service 5SaaS6
+he *a2a6ility 2rovi/e/ to the *ons40er is to 4se the 2rovi/erIs a22li*ations r4nning on a
*lo4/ in1rastr4*t4re5 +he a22li*ations are a**essi6le 1ro0 vario4s *lient /evi*es thro4gh a
thin *lient inter1a*e s4*h as a 7e6 6ro7ser =e5g5: 7e6-6ase/ e0ail?5 +he *ons40er /oes not
0anage or *ontrol the 4n/erlying *lo4/ in1rastr4*t4re in*l4/ing net7or,: servers: o2erating
syste0s: storage: or even in/ivi/4al a22li*ation *a2a6ilities: 7ith the 2ossi6le e'*e2tion o1
li0ite/ 4ser-s2e*i1i* a22li*ation *on1ig4ration settings5
refarch'feed(ac)*redhat#com 7 www#redhat#com
,#"#- 1eploment %odels
Private cloud2
+he *lo4/ in1rastr4*t4re is o2erate/ solely 1or an organiFation5 -t 0ay 6e 0anage/ 6y the
organiFation or a thir/ 2arty an/ 0ay e'ist on 2re0ise or o11 2re0ise5
Communit cloud2
+he *lo4/ in1rastr4*t4re is share/ 6y several organiFations an/ s422orts a s2e*i1i*
*o004nity that has share/ *on*erns =e5g5: 0ission: se*4rity reD4ire0ents: 2oli*y: an/
*o02lian*e *onsi/erations?5 -t 0ay 6e 0anage/ 6y the organiFations or a thir/ 2arty an/
0ay e'ist on 2re0ise or o11 2re0ise5
Pu(lic cloud2
+he *lo4/ in1rastr4*t4re is 0a/e availa6le to the general 246li* or a large in/4stry gro42
an/ is o7ne/ 6y an organiFation selling *lo4/ servi*es5
H(rid cloud2
+he *lo4/ in1rastr4*t4re is a *o02osition o1 t7o or 0ore *lo4/s =2rivate: *o004nity: or
246li*? that re0ain 4niD4e entities 64t are 6o4n/ together 6y stan/ar/iFe/ or 2ro2rietary
te*hnology that ena6les /ata an/ a22li*ation 2orta6ility =e5g5: *lo4/ 64rsting 1or loa/-
6alan*ing 6et7een *lo4/s?5
,#"#. Cloud Actors
+he 1ollo7ing are so0e o1 the Clo4/ A*tors 1ro0 the N-S+ Clo4/ Bo/el5
Cloud Consumer
Person or organiFation that 0aintains a 64siness relationshi2 7ith: an/ 4ses servi*e 1ro0:
Clo4/ Provi/ers5
Clo4/ *ons40ers are *ategoriFe/ into three gro42s: 6ase/ on their /i11erent
a22li*ation>4sage s*enarios as liste/ in 8a(le ,'"2 Cloud Consumer Activities5
Consumer 8pe %a9or Activities
-aaS
Creates>installs: 0anages an/ 0onitors servi*es 1or -+
in1rastr4*t4re o2erations5
PaaS
Develo2s: tests: /e2loys an/ 0anages a22li*ations in a
*lo4/ environ0ent5
SaaS Uses a22li*ation>servi*e 1or 64siness 2ro*ess o2erations
Table 3-1: Cloud Consumer Activities
www#redhat#com "$ refarch'feed(ac)*redhat#com
Cloud Provider
Person: organiFation or entity res2onsi6le 1or 0a,ing a servi*e availa6le to Clo4/
Cons40ers5
+he 2rovi/ers 2er1or0 /i11erent tas,s 1or /i11erent servi*e ty2es: 7hi*h are liste/ in
8a(le ,'&2 Cloud Provider Activities5
Provider 8pe %a9or Activities
-aaS
Provisions an/ 0anages the 2hysi*al 2ro*essing: storage:
net7or,ing an/ the hosting environ0ent an/ *lo4/
in1rastr4*t4re 1or -aaS *ons40ers5
PaaS
Provisions an/ 0anages *lo4/ in1rastr4*t4re an/
0i//le7are 1or the 2lat1or0 *ons40ersJ 2rovi/es
/evelo20ent: /e2loy0ent an/ a/0inistration tools to
2lat1or0 *ons40ers5
SaaS
-nstalls: 0anages: 0aintains an/ s422orts the so1t7are
a22li*ation on a *lo4/ in1rastr4*t4re5
Table 3-2: Cloud Provider Activities
+he a*tivities o1 *lo4/ 2rovi/ers *an 6e gro42e/ into the 1ollo7ing 2ers2e*tives Servi*e
De2loy0ent: Servi*e (r*hestration: Clo4/ Servi*e Banage0ent: Se*4rity: an/ Priva*y5
Servi*e De2loy0ent re1ers to the *lo4/ in1rastr4*t4re o2eration as relate/ to the
/e2loy0ent 0o/els Private *lo4/: Co004nity *lo4/: P46li* *lo4/: 9y6ri/ *lo4/5
Servi*e (r*hestration re1ers to the arrange0ent: *oor/ination an/ 0anage0ent
o1 *lo4/ in1rastr4*t4re to 2rovi/e /i11erent *lo4/ servi*es to 0eet -+ an/ 64siness
reD4ire0ents5 +he three *on*e2t4al layers o1 a generaliFe/ *lo4/ environ0ent
Servi*e <ayer: Reso4r*e A6stra*tion an/ Control <ayer: an/ Physi*al Reso4r*e
<ayer5
refarch'feed(ac)*redhat#com "" www#redhat#com
As /e2i*te/ in the 1ollo7ing ill4stration: Clo4/ Servi*e Banage0ent in*l4/es all
the servi*e-relate/ 14n*tions that are ne*essary 1or the 0anage0ent an/
o2erations o1 those servi*es reD4ire/ 6y or 2ro2ose/ to Clo4/ Cons40ers5 A
*lo4/ 2rovi/er 2er1or0s the 1ollo7ing 14n*tions to s422ort *lo4/ servi*e
0anage0ent )4siness S422ort: Provisioning>Con1ig4ration: an/
Porta6ility>-ntero2era6ility5
+he 1ollo7ing as2e*ts o1 Se*4rity 04st 6e 0anage/ in the *lo4/ A4thenti*ation
an/ A4thoriFation: Availa6ility: Con1i/entiality: -/entity Banage0ent: -ntegrity:
Se*4rity Bonitoring K -n*i/ent Res2onse: an/ Se*4rity Poli*y Banage0ent5
+he goal o1 Priva*y in the *lo4/ is to 2rote*t the ass4re/: 2ro2er: an/ *onsistent
*olle*tion: 2ro*essing: *o004ni*ation: 4se an/ /is2osition o1 2ersonal
in1or0ation =P-? an/ 2ersonally i/enti1ia6le in1or0ation =P--? in the *lo4/5
www#redhat#com "& refarch'feed(ac)*redhat#com
Illustration 3-1: Cloud Providers – Cloud Service ana!ement
Cloud :ro)er
An entity that 0anages the 4se: 2er1or0an*e an/ /elivery o1 *lo4/ servi*es: an/ negotiates
relationshi2s 6et7een Clo4/ Provi/ers an/ Clo4/ Cons40ers5
+hree 0a;or servi*es 2rovi/e/ 6y Clo4/ )ro,ers
Service 4ntermediation2
A *lo4/ 6ro,er enhan*es a given servi*e 6y i02roving so0e s2e*i1i* *a2a6ility
an/ 2rovi/es the val4e-a//e/ servi*e to Clo4/ Cons40ers5
Service Aggregation2
A *lo4/ 6ro,er *o06ines an/ integrates 04lti2le servi*es into one or 0ore ne7
servi*es5 +he 6ro,er 7ill 2rovi/e /ata integration an/ ens4re the se*4re /ata
0ove0ent 6et7een Clo4/ Cons40er an/ 04lti2le *lo4/ 2rovi/ers5
Service Ar(itrage2
Servi*e Ar6itrage is si0ilar to servi*e aggregation: 7ith the /i11eren*e in that the
servi*es 6eing aggregate/ are not 1i'e/5 Servi*e ar6itrage allo7s 1le'i6le an/
o22ort4nisti* *hoi*es 1or the 6ro,er5 &or e'a02le: the *lo4/ 6ro,er *an 4se a
*re/it-s*oring servi*e an/ sele*t the 6est s*ore 1ro0 04lti2le s*oring agen*ies5
refarch'feed(ac)*redhat#com ", www#redhat#com
3.2 #ed $at CloudForms and the !"ST model
Re/ 9at Clo4/&or0s /oes not 1it as a single a*tor in the N-S+ 0o/el5 )y itsel1: Re/ 9at
Clo4/&or0s is not a N-S+ /e1ine/ Clo4/ Provi/er5 Chere a N-S+ /e1ine/ Clo4/ Provi/er
2rovi/es the 4n/erlying hosting environ0ent s4*h as virt4al 0a*hines: Re/ 9at Clo4/&or0s
/oes not5 Rather: it e'ten/s the Clo4/ Provi/erEs Clo4/ Servi*e Banage0ent s422ort an/
1a*ilitates Servi*e De2loy0ent an/ Servi*e (r*hestration5 +he ill4stration 6elo7 sho7s the
stan/ar/ N-S+ Clo4/ Provi/er 7itho4t Re/ 9at Clo4/&or0s5
www#redhat#com "- refarch'feed(ac)*redhat#com
Illustration 3-2: "IST Cloud Provider
Re/ 9at Clo4/&or0s also 2rovi/es 04*h 0ore 14n*tionality than a N-S+ /e1ine/ Clo4/ )ro,er5
A Clo4/ )ro,er 0erely re/ire*ts the Clo4/ Cons40er to e'isting *lo4/ 2rovi/ers as 2i*t4re/
here5
refarch'feed(ac)*redhat#com ". www#redhat#com
Illustration 3-3: "IST Cloud #ro$er
Re/ 9at Clo4/&or0s: ho7ever: e'ten/s a Re/ 9at Certi1ie/ Clo4/ Provi/erEs 1eat4res:
es2e*ially those relate/ to Clo4/ Servi*e Banage0ent5 -n 2arti*4lar:the
2orta6ility>intero2era6ility 14n*tionality is in*rease/ 7ith the 1eat4res that are inherent in Re/
9at Clo4/&or0s: an/ 14rther 1a*ilitate all reD4ests 1ro0 the Clo4/ Cons40ers5 (ther areas
0ay also see in*rease/ 14n*tionality an/ 6ene1it 1ro0 Re/ 9at Clo4/&or0sEs a6stra*tion 6eing
a6le to 2rovi/e a single 04lti24r2ose inter1a*e5 +he 1ollo7ing ill4stration re2resents Re/ 9at
Clo4/&or0s e'ten/ing a Clo4/ Provi/erEs 14n*tionality5
www#redhat#com "/ refarch'feed(ac)*redhat#com
Illustration 3-%: Red Hat CloudForms &'tends Certi(ied Clouds
Chen *o06ine/ 7ith a virt4aliFation environ0ent: gri/ /e2loy0ent: or 6are-0etal 1ar0:
0issing essential *lo4/ *hara*teristi*s are 2rovi/e/ 6y Re/ 9at Clo4/&or0s5 +he hoste/
environ0ent is trans1or0e/ into a 14n*tional *lo4/ 2rovi/er 6y the sharing o1 the Clo4/ Servi*e
Banage0ent 14n*tionality 6et7een the hosting environ0ent an/ Re/ 9at Clo4/&or0s: as
2ortraye/ 6elo7#
refarch'feed(ac)*redhat#com "0 www#redhat#com
Illustration 3-): Red Hat CloudForms * Hosted &nvironment Cloud
Re/ 9at Clo4/&or0s a6stra*tion *a2a6ilities allo7 it to 2er1or0 0ore than the 14n*tionality o1 a
Servi*e Aggregation )ro,er: 6y 2rovi/ing *onsistent 1eat4res: *ontent: an/ servi*es a*ross
s422orte/ environ0ents5 +he a6ility to *ontrol /e2loy0ents into any *erti1ie/ *lo4/ 2rovi/er
res4lts in *onsistent *ross-*lo4/ vie7s o1 *ontent5 +he ne't ill4stration /is2lays ho7 Re/ 9at
Clo4/&or0s 0a,es this 2ossi6le5
www#redhat#com "3 refarch'feed(ac)*redhat#com
Illustration 3-+: Red Hat CloudForms Provides ulti-Cloud
Intero,erabilit-
3.3 $igh %evel Functional Areas
+he high level 14n*tional areas o1 Re/ 9at Clo4/&or0s are
• Clo4/ -nter1a*e
• Content Provision Banage0ent
• A22li*ation Des*ri2tion 3eneration
• -0age <i1e*y*le Banage0ent
• A22li*ation <i1e*y*le Banage0ent
• Clo4/ Servi*es =o2tional?
+he Cloud Interface 2rovi/es the Clo4/ Cons40er a *entral 2oint o1 intera*tion 1or /e1ining:
/e2loying: re2orting: an/ 0anaging n40ero4s *lo4/ a22li*ations on 2otentially 0any 246li*
an/ 2rivate *lo4/ 2rovi/ers5 +he *lo4/ inter1a*e is 04lti-tenant an/ 2rovi/es 04lti2le level
a/0inistration *a2a6ilities5
Content Provision Management s422lies *ontent =as 7ell as Re/ 9at entitle0ents? to other
14n*tional areas an/ 2rovi/es *on1ig4ration *o02lian*e an/ so1t7are 0o/i1i*ations 1or r4nning
instan*es5
refarch'feed(ac)*redhat#com "7 www#redhat#com
Illustration 3-.: Functional /vervie0
Application Description Generation allo7s the Clo4/ Cons40er to /e1ine their entire
a22li*ation /e2loy0ent: 7hi*h is store/ in .B< 1or0at5 +his .B< is 4se/ to 64il/ an/ *on1ig4re
the a22li*ation in vario4s *lo4/ 2rovi/er environ0ents5
Image Lifecycle Management *ontrols the *reation an/ 0anage0ent o1 the i0ages 4se/ in
/e2loying the Clo4/ Cons40erEs a22li*ation5 Image Lifecycle Management 4ses the .B<
/e1initions to *reate the i0ages reD4ire/ an/ 2ro2agate *reate i0ages to the vario4s targete/
Clo4/ Provi/ers5
Application Lifecycle Management is 4se/ to *ontrol an/ 0onitor the state o1 Clo4/ Cons40er
a22li*ations5 +his 14n*tionality in*l4/es reso4r*e 0anage0ent: D4ota en1or*e0ent: 2oli*y
en1or*e0ent: a22li*ation instantiation: *on1ig4ration *ontroller: et*5
Cloud Services are a//-ons to a *lo4/ /e2loy0ent that ens4res *onsistent 14n*tionality at
vario4s *lo4/ 2rovi/ers5 +he 1ollo7ing is a list o1 14n*tional areas so0e 2lanne/ servi*es
2rovi/e
• Ar*hival Storage
• Re2li*ate/ Relia6le &ile Syste0s
• Bessaging
• Clo4/ -D Banage0ent
• Availa6ility Bonitoring>9igh Availa6ility
www#redhat#com &$ refarch'feed(ac)*redhat#com
,#,#" Cloud 4nterface
Chen a Clo4/ Cons40er engages Re/ 9at Clo4/&or0s: the Cloud Interface is the 2ri0ary
2oint o1 intera*tion that the Clo4/ Cons40er 4ses to initiate a*tivities: 1ro0 a/0inistration
/4ties: gathering re2orts on vario4s reso4r*es: to /e1ining an/ *ontrolling an a22li*ation
/e2loy0ent into a *lo4/5 +he 1ollo7ing ill4stration s400ariFes these 14n*tions5
refarch'feed(ac)*redhat#com &" www#redhat#com
Illustration 3-1: Cloud Inter(ace
,#,#& Content Provision %anagement
Content Provision Management 2rovi/es so1t7are to the other 14n*tional areas: 0anages
so1t7are re2ositories =1ro0 stan/ar/ *ontent so4r*es s4*h as Re/ 9at Net7or,: 42loa/e/ sel1-
s422lie/ *olle*tions: -S(s: et*?: an/ a22lies *on1ig4ration *o02lian*e an/ so1t7are
0o/i1i*ations 1or r4nning instan*es5 +he ill4stration 6elo7 /e2i*ts its intera*tion 7ith the other
14n*tional areas5
www#redhat#com && refarch'feed(ac)*redhat#com
Illustration 3-2: Content Provision ana!ement
,#,#, Application 1escription ;eneration
+he Clo4/ Cons40er /e1ines their a22li*ation /e2loy0ent as a set o1 syste0s *on1ig4re/ 7ith
*olle*tions o1 so1t7are an/ *on1ig4ration /ata reD4ire/ to a**o02lish the assigne/ tas,5 +he
Application Description Generation o4t24ts this /e1inition as .B<: as /e2i*te/ 6elo75
refarch'feed(ac)*redhat#com &, www#redhat#com
Illustration 3-13: A,,lication 4escri,tion 5eneration
,#,#- 4mage <ifeccle %anagement
+he Clo4/ Cons40er *an /e*i/e to stage the so1t7are =in the 1or0 o1 /is, i0ages? or Image
Lifecycle Management has the a6ility 1or 1or*e a late staging 7hen reD4ire/5 Aither 7ay: -0age
<i1e*y*le Banage0ent is res2onsi6le to a11ir0 the /is, i0ages are availa6le at the Clo4/
Provi/er5 -0age <i1e*y*le Banage0ent tra*,s i0ages an/ 0ay 4se one i0age as the so4r*e
1or another or 64il/ the i0age 1ro0 s*rat*h5 (n*e the i0age is availa6le: -0age <i1e*y*le
Banage0ent is res2onsi6le 1or the availa6ility o1 this /is, i0age at the Clo4/ Provi/er: as
sho7n 6elo7#
Chile 4sing an e'isting i0age as the so4r*e 1or another i0age 0ay hel2 to li0it 2roli1eration o1
i0ages: i1 a syste0 4ses a single /is, i0age that *ontains all the so1t7are nee/e/ 1or that
syste0: the 2otential 1or re-4se is li0ite/5 9o7ever: i1 so1t7are is layere/ as se2arate /is,
i0ages: e5g5 (S: /ata6ase: an/ Lava environ0ent: any o1 these in/ivi/4al layers>/is, i0ages
has 04*h greater 2otential re-4se val4e5 Using this *on*e2t o1 strati1ying so1t7are 2roves to 6e
0ore e11e*t4al5 &or this *on*e2t to 7or,: the a6ility to lin, the se2arate /is, i0ages to 14n*tion
as a single 14n*tional i0age is reD4ire/5 +his is a**o02lishe/ as 2art o1 the 2ost-6oot
*on1ig4ration5
www#redhat#com &- refarch'feed(ac)*redhat#com
Illustration 3-11: 6i(ec-cle ana!ement
,#,#. Application <ifeccle %anagement
Chen the Clo4/ Cons40er /e*i/es to /e2loy their a22li*ation: the *lo4/ inter1a*e is 4se/ to
instr4*t Application Lifecycle Management to *arry o4t this a*tivity5 +his is a**o02lishe/ 6y
4sing a internal reso4r*e 0anger to i/enti1y a Clo4/ Provi/er that 0at*hes the 2oli*ies: D4ota:
a**essi6ility an/ availa6ility that the Clo4/ Cons40er reD4ests5 +hen A22li*ation <i1e*y*le
Banage0ent instantiates ea*h syste0 7ith the so1t7are /esire/: a22lying lo*al an/ intra-
/e2loy0ent *on1ig4rations: a*tivating reD4ire/ *lo4/ servi*es: 2rovi/ing se*4re a**ess to the
syste0s: an/ 0onitoring the /e2loy0ent5 A22li*ation <i1e*y*le Banage0ent 2er1or0s other
a*tions s4*h as sh4tting /o7n the /e2loy0ent: et*: /is2laye/ 6elo75
refarch'feed(ac)*redhat#com &. www#redhat#com
Illustration 3-12: A,,lication 6i(ec-cle ana!ement
,#,#/ Functional Area Summar
+he ill4stration 6elo7 s400ariFes the high level *on*e2t4al sol4tion 7hen Re/ 9at
Clo4/&or0s a6stra*ts vario4s 246li* Clo4/ Provi/ers or 6y Clo4/&or0s e'ten/ing vario4s
virt4aliFation: 3ri/: or 1ar0 environ0ents5 Re/ 9at Clo4/&or0s o2erations are segregate/ into
the 1ollo7ing 14n*tional areas
• Clo4/ -nter1a*e
• Content Provision Banage0ent
• A22li*ation Des*ri2tion 3eneration
• -0age <i1e*y*le Banage0ent
• A22li*ation <i1e*y*le Banage0ent
www#redhat#com &/ refarch'feed(ac)*redhat#com
Illustration 3-13: &',anded Functional /vervie0
- Red Hat CloudForms Components
+he 2revio4s se*tion /es*ri6e/ the ar*hite*t4re in ter0s o1 the 14n*tional areas5 +he a*t4al
i02le0entation 2er1or0s the 14n*tionality as a set o1 2ro/4*ts5 +his se*tion i/enti1ies the
*o02onents o1 Re/ 9at Clo4/&or0s an/ asso*iates the ar*hite*t4ral 14n*tion 7ith the
*orres2on/ing *o02onents5 +he Aeol4s Pro;e*t
$
is the 406rella 2ro;e*t 1or 0any 2ie*es o1 the
*lo4/ so1t7are5 Chile /e2i*te/ 6elo7 is the 0a22ing o1 14n*tional areas to the higher level
2ro;e*ts: the 1ollo7ing se*tions 2rovi/e greater /etail5
refarch'feed(ac)*redhat#com &0 www#redhat#com
Illustration %-1: Arc7itectural Com,onent a,,in!
4.1 Cloud "nter&ace
+he Cloud Interface 2rovi/es the 2ri0ary 4ser inter1a*e 1or Re/ 9at Clo4/&or0s a*tivities5 An
AP- is also availa6le as an alternative a**ess 0etho/5 +he Clo4/ -nter1a*e 14n*tionality is
s422lie/ 6y the Aeolus UI as re2resente/ 6elo75
www#redhat#com &3 refarch'feed(ac)*redhat#com
Illustration %-2: Cloud Inter(ace Com,onents
+he *lo4/ inter1a*e 2rovi/es a *entraliFe/ 0anage0ent inter1a*e 1or Clo4/ Cons40ers:
7hether they 6e a/0inistrators or /evelo2ers: to intera*t 7ith /is2arate *lo4/ 2rovi/ers5 Using
the 7e6-6ase/ inter1a*e: a Clo4/ Cons40er *an log on an/ 2er1or0 *ertain a*tions 6ase/ on
the rights asso*iate/ 7ith their a**o4nt5 +he goal o1 the *lo4/ inter1a*e is to a6stra*t the 6a*,-
en/ *lo4/ 2rovi/er 1ro0 the Clo4/ Cons40er: regar/less o1 7hether the Clo4/ Cons40er
/esires to 4tiliFe AC2: Ra*,s2a*e: a Re/ 9at Anter2rise Virt4aliFation in1rastr4*t4re: or other
a22rove/ *lo4/ in1rastr4*t4re 1or their a22li*ation5 +he ill4stration 6elo7 sho7s ho7 the *lo4/
inter1a*e 2rovi/es a**ess to Resource Management, Image Management, Administration,
Reporting, an/ Accounting
refarch'feed(ac)*redhat#com &7 www#redhat#com
Illustration %-3: Cloud Inter(ace Functional 8ie0
Cith Resource Management, the a4thoriFe/ Clo4/ Cons40er is a6le to 0anage the a*tive
reso4r*es s4*h as liste/ in 8a(le -'"2 Resources5 Cithin ea*h o1 these *ategories: attri64tes
li,e 2ro2erties an/ 2er0issions *an 0e 0o/i1ie/ as nee/e/5
Resource 1escription
User a**o4nt
A Re/ 9at Clo4/&or0s Clo4/ Cons40erJ allo7s a**ess an/
*ontrols 2er0issions > roles5
H4ota
-02le0ents li0its on instan*es or /is, 4sages: *an 6e
asso*iate/ 7ith a 4ser a**o4nt: *lo4/ 2rovi/er a**o4nt: 2ool: or
2ool 1a0ily5
Clo4/ Provi/er
a**o4nt
+he a**o4nt that allo7s a**ess to a s2e*i1i* *lo4/ 2rovi/er5
+his a**o4nt *an 6e asso*iate/ 7ith 04lti2le 2ools5
Pool
A gro42ing o1 *lo4/ 2rovi/ers as s2e*i1ie/ 6y the Clo4/
2rovi/ers a**o4nts assigne/ to 1or the 2oolEs 4se5
Pool 1a0ily
A gro42ing o1 2ools 6y 4ser /e1ine/ se0anti*sM e5g5 /ev: test5
A 2ool *an only 6e assigne/ to on 2ool 1a0ily5
-nstan*es +hese are syste0s that are r4nning in *lo4/ 2rovi/er5
De2loy0ent
3ro42s o1 instan*es that are relate/ 6y 6eing /e1ine/ as 2art o1
the sa0e a22li*ation /e2loy0ent5
Table %-1: Resources
Cith the Image Management inter1a*e: the Clo4/ Cons40er is a6le to *reate: 0o/i1y an/
/elete ite0s relating to the /e1inition o1 a22li*ation /e2loy0ent: e5g5: syste0s: /is, i0ages:
*on1ig4ration settings: et*5 +his allo7s the 4ser to *reate the 1ra0e7or, 1or 246lishing
a22li*ations an/ instan*es5
+he inter1a*e also 2rovi/es Administration *a2a6ilities 7hi*h allo7s *ontrol over a**o4nt roles
an/ 2er0issions5 Provi/ers *an 6e 0anage/ as 7ell as har/7are 2ro1iles5
(ne other ,ey attri64te o1 the *lo4/ inter1a*e is the a6ility to tra*, Reporting an/ Accounting
/etails 1ro0 the *lo4/ 2rovi/ers an/ lo*al reso4r*es 7hi*h are 6eing 4tiliFe/5 -te0s s4*h as the
n406er o1 instan*es r4nning an/ the *orres2on/ing *harges 6e*o0es 0ore an/ 0ore
i02ortant as a22li*ations are s*ale/5
www#redhat#com ,$ refarch'feed(ac)*redhat#com
4.2 Content 'rovision (anagement
Content Provision Management 14n*tionality is 2rovi/e/ 6y the Natello *o02onent 7hi*h
2rovi/es the *olle*tion o1 so1t7are an/ so1t7are 1ee/s 4tiliFe/ 6y -0age &a*tory 7hen 64il/ing
an/ 0o/i1ying i0ages5 +his *ontent *an *o0e 1ro0 a variety o1 reso4r*es5 Chile Re/ 9at
Net7or, is the 2re0i40 s422lier: other 0etho/s in*l4/e re2ositories: -S(s: or so1t7are
*olle*tions - 7hether these are Re/ 9at: Re/ 9at Partners: other (ABs: or *4sto0 s422lie/5
refarch'feed(ac)*redhat#com ," www#redhat#com
Illustration %-%: Content Provision ana!ement
4.3 Application )escription *eneration
Application Description Generation is the set o1 14n*tionality that allo7s the Clo4/ Cons40er to
*reate a re*i2e /es*ri6ing an a22li*ation that they /esire to /e2loy5 As a re*i2e lists the
ingre/ients an/ the instr4*tions o1 ho7 to *o06ine the ingre/ients5 +he generate/ a22li*ation
/es*ri2tion i/enti1ies the syste0s an/ so1t7are along 7ith *on1ig4ration /ata 4se/ in the
2ro*ess o1 *o06ining all ele0ents5 +he 14n*tionality o1 A22li*ation Des*ri2tion 3eneration is
0ostly 2rovi/e/ 6y the Con/4*tor5 8a(le -'&2 1efinitions /e1ines ter0s relevant to this
*o02onent5
8erm E+planation
-0age or Dis,
-0age
+he *ontents o1 a 0o4nta6le /is,J the *ontents o1 a 0o4nt-
2oint
+e02late
Des*ri2tion o1 a /is, i0age 7ith any 0eta-/ata reD4ire/ to
*reate an i0ageJ the /es*ri6e/ i0age 0ay 6e 6oota6le or non-
6oota6leJ a non-6oota6le i0age is 4se/ to 2rovi/e a /istin*t
so1t7are layer: s4*h as a /ata6ase
Asse06ly
De1inition o1 a single instan*e *ontaining one or 0ore
te02lates an/ 0eta-/ata relate/ to servi*e *on1ig4rationsJ
sin*e this /e1ines an instan*e: one *onstit4ent te02late 04st
6e /es*ri6e/ as a 6oota6le i0ageJ all *on1ig4ration a*tions are
2er1or0e/ 2ost-6oot
Servi*e
Con1ig4ration
(2tional attri64te o1 the asse06ly 7hi*h /es*ri6es the servi*e
or servi*es that the asse06ly 2rovi/es to reD4iresJ this
in1or0ation is 4se/ to *on1ig4re an/ tie the asse06lies o1 a
/e2loy0ent together at la4n*h
De2loya6le
A22li*ation /e2loy0ent /e1inition: *ontains one or 0ore
asse06lies an/ 0eta-/ata *on1ig4rationJ this *on1ig4ration
s2e*ialiFes a /e2loy0ent 6y D4ali1ying it 1or a s2e*i1i* targete/
in1rastr4*t4re
CD<
Content Des*ri2tion <ang4ageJ .B< 1or0at lang4age 4se/ 1or
+e02late: Asse06ly an/ De2loya6le =+AD? /e1initions
Table %-2: 4e(initions
www#redhat#com ,& refarch'feed(ac)*redhat#com
+he a22li*ation /e2loy0ents 04st 6e /es*ri6e/ in a str4*t4re/ 1or0at that in*l4/es the
6oota6le o2erating syste0: any so1t7are reD4ire0ents: *on1ig4ration 2rovi/e/ or reD4ire/: an/
any s2e*i1i* targeting in1or0ation to instantiate the a22li*ation5 +his is a**o02lishe/ 6y the
Clo4/ Cons40er intera*ting 7ith the Con/4*tor via the Clo4/ -nter1a*e =1?, as 2i*t4re/ 6elo75
+he /e2loya6le is /e1ine/ in CD< =%? 6y /es*ri6ing the te02lates: asse06lies: servi*es:
*on1ig4ration /ata: an/ targeting /ata that *o02ose the entire a22li*ation /e2loy0ent5 +he
so4r*e o1 the so1t7are o2tions o1 *ontent is 2rovi/e/ 6y the pulp instan*e in Content Provision
Banage0ent =2?5 +argeting in1or0ation allo7s the generi* /es*ri2tion to 6e s2e*ialiFe/ 1or a
s2e*i1i* /e2loy0ent5 Bost *o00only: this in1or0ation s2e*i1ies the *o024te reD4ire0ents
=vCPUs: 0e0ory: /is, s2a*e? nee/e/ 1or an instan*e5
refarch'feed(ac)*redhat#com ,, www#redhat#com
Illustration %-): A,,lication 4escri,tion 5eneration
+he 1ollo7ing a6stra*te/ sa02le 2rovi/es the general *on*e2ts o1 a CD< layo4t5 A De2loya6le
is 0a/e o1 one or 0ore Asse06lies 7ith *on1ig4ration /ata5 Aa*h Asse06ly is 0a/e o1 one or
0ore +e02lates an/ *on1ig4ration5 Aa*h +e02late lists the so1t7are an/ *on1ig4ration /ata5
An Asse06ly o2tionally in/i*ates the servi*es that it /e1ines or reD4ires5 So0e o1 the
*on1ig4ration /ata 0ay 6e /e1ine/ a the ti0e o1 instan*e la4n*h5
Begin Deployable Definition
...
Begin Assembly Definition
...
Begin Template Definition
...
Software list
End Template Definition
End Assembly Definition
End Deployable Definition
4.4 "mage %i&ecycle (anagement
Image Lifecycle Management is the 14n*tionality that *reates: stores: an/ 0aintains the
i0ages an/ /es*ri2tions: 7hi*h s422lies this *ontent to the s422orte/ *lo4/ 2rovi/ers5 -0age
<i1e*y*le Banage0ent 14n*tionality is 2er1or0e/ 6y 04lti2le *o02onent 2ro/4*ts
• Con/4*tor
• -0age &a*tory
• -0age Careho4se
Relevant ter0s 4se/ in this *o02onent se*tion are liste/ in 8a(le -',2 1efinitions5
8erm E+planation
-C-C<A
-0age Content an/ -nten/e/ Con1ig4ration <ang4agAJ Chile
the CD< /es*ri6es the /e1inition o1 +e02lates: Asse06lies:
an/ De2loya6les: the -C-C<A 2rovi/es listing o1 /etaile/
so1t7are revisions an/ *on1ig4ration 2ara0eters o1 the *reate/
entities5 Chile CD< *an 6e tho4ght o1 as the sho22ing list: the
-C-C<A is the ite0iFe/ re*ei2t5
Table %-3: 4e(initions
(ne o1 the 0any 14n*tions o1 the Con/4*tor is to initiate an/ *o-or/inate -0age <i1e*y*le
Banager a*tivities5
-0age &a*tory is the *o02onent that is res2onsi6le 1or 64il/ing all *lo4/ i0ages5 +he i0age
/es*ri2tion is s422lie/ 1ro0 the .B<>CD< generate/ 1ro0 A22li*ation Des*ri2tion 3eneration
=Con/4*tor?5 +he *ontent *o0es 1ro0 Content Provision Banage0ent5 A//itional so1t7are that
is nee/e/ to s422ort the *lo4/ o2erations is also a//e/ to the i0age5
www#redhat#com ,- refarch'feed(ac)*redhat#com
-0age Careho4se tra*,s all i0ages an/ is res2onsi6le 1or staging the i0ages at the
a22ro2riate *lo4/ 2rovi/er5
+he i0ages that are /e1ine/ 6y the *lo4/ *ons40er: are 64ilt 7ith -0age &a*tory an/ store/ in
-0age Careho4se5 Chen a Clo4/ Provi/er 2rovi/es an i0age as the so4r*e 1or the /esire/
i0age: -0age &a*tory is not *alle/ 42on5 +he 2rovi/e/ i0age is s2e*i1ie/ in the /e1inition5
9o7ever: -0age Careho4se still stores the 0eta-/ata 7hi*h allo7s the 2ro2er i0age
1or0ation an/ asse06ly5 -n a//ition: in all *ases -0age Careho4se is also res2onsi6le 1or all
staging o1 i0ages5
-#-#" 4mage <ifeccle ' Standard
+he stan/ar/ -0age <i1e*y*le is e'2li*itly initiate/ 6y the Clo4/ Cons40er a1ter /e1ining
te02lates 4sing the *lo4/ inter1a*e an/ reD4esting a 64il/: or in/ire*tly 6y the *ons40er 6y
reD4esting an instan*e la4n*h o1 a /e2loya6le that *ontains te02lates that have not ha/
*orres2on/ing i0ages 64ilt =1?: as sho7n in the /iagra0 in this se*tion5
refarch'feed(ac)*redhat#com ,. www#redhat#com
A1ter Con/4*tor is reD4este/ to initiate a 64il/ =2?: it trans0its a 0essage *ontaining the CD<
an/ the target Clo4/ Provi/er to -0age &a*tory 7hi*h is 2la*e/ onto a D4e4e =%?5 Chen
reso4r*es are availa6le: -0age &a*tory starts a 64il/ 4sing the in24t re0ove/ 1ro0 the D4e4e5
-1 the 64il/ is 1ro0 s*rat*h: a L4st Ano4gh (2eration Syste0 =Le(S? - 7hi*h is a 0ini0al (S -
is initially *reate/5 -nstea/ o1 64il/ing 1ro0 s*rat*h: -0age &a*tory *an 4se a 2re-e'isting /is,
i0age5 Ne't: the Le(S or 2re-e'isting /is, i0age is 0o/i1ie/ 7ith the a//ition or re0oval o1
so1t7are 4ntil the CD< is satis1ie/ =$?5 +he 1or0at o1 the /is, i0age 0ay reD4ire 0ani24lation
to ens4re *o02ati6ility 7ith the target Clo4/ Provi/er5 (n*e the /is, i0age is *o02lete: -0age
&a*tory *reates an -C-C<A 1ro0 the i0age: listing the s2e*i1i* versions o1 the so1t7are *ontent
an/ *on1ig4ration 2ara0eters =#?5
+he *o02lete/ /is, i0age an/ -C-C<A are trans0itte/ to -0age Careho4se =6?5 -0age
Careho4se stores the /is, i0age: -C-C<A: an/ so4r*e CD< 1or 2otential 14t4re 4se =7?5 -t also
ass4res the /is, i0age is availa6le in the target *lo4/ =8?5 &or e'a02le: i1 the target *lo4/
2rovi/er is a Re/ 9at Clo4/&or0s *lo4/ 4sing Re/ 9at Anter2rise Virt4aliFation: the i0age is
0igrate/ into R9AVEs i02ort /o0ain an/ instantiate/5 -1 the target is A0aFon AC2: the i0age
is 64n/le/ in S% an/ registere/ in the a22ro2riate region: allo7ing a**ess 1or the s2e*i1ie/
Clo4/ Provi/er 4ser5
www#redhat#com ,/ refarch'feed(ac)*redhat#com
Illustration %-+: Ima!e 6i(ec-cle ana!ement - Standard
-#-#& 4mage <ifeccle = Snapshot
A1ter an instan*e ha/ 6een /e2loye/: it 0ay 6e 0o/i1ie/ in the environ0ent 6y 4ser /ire*te/
so1t7are 42/ates 2rovi/e/ 6y the 0anage0ent *a2a6ilities o1 Content Provision Banage0ent5
+hese 42/ates *reate a /is*re2an*y 6et7een the i0age store/ in -0age Careho4se an/ the
r4nning instan*e5 Sin*e the Clo4/ Cons40er 2er1or0e/ the 42/ates: they 0ay also /esire to
42/ate the -0age Careho4se -C-C<A an/ /is, i0age5 +he Clo4/ Cons40er 0ay also /esire
to leave the original i0ages: sin*e 04lti2le /e2loy0ents *o4l/ have 6een starte/ an/ not all
sho4l/ 6e 42/ate/5
+he Clo4/ Cons40er 42/ates the i0age /e1initions =1? 6y in1or0ing Con/4*tor =2? to initiate
the a*tivity5 Natello 42/ates /e1initions initiate/ 6y the Clo4/ Cons40er an/ sen/s -0age
&a*tory the listing o1 *hanges that have 6een a22lie/ to a 2revio4sly instantiate/ i0age =%?5
-0age &a*tory *reates the 42/ate/ -C-C<A an/ /is, i0ages =$? 7hi*h are store/ in -0age
Careho4se =#?5 -0age Careho4se o2tionally 24shes the /is, i0ages to the a22ro2riate *lo4/
2rovi/ers =6?5 +his 7or,1lo7 is /e2i*te/ in the 1ollo7ing ill4stration5
refarch'feed(ac)*redhat#com ,0 www#redhat#com
Illustration %-.: Ima!e 6i(ec-cle ana!ement - Sna,s7ots
-#-#, 4mage <ifeccle = >atello 4mport
+he Clo4/ Cons40er 0ay initiate =1? an i0age 64il/ 1ro0 a Natello te02late =2?: allo7ing the
Natello te02late to s2e*i1y the *ontent /etails o1 an i0age instea/ o1 the Clo4/ Cons40er5 +he
re0aining 2ro*ess : ste2s =%? thro4gh =8?: 1lo7s as in the stan/ar/ *ase =re1er to 4mage
<ifeccle ' Standard?: e'*e2t Con/4*tor is initiate/ 6y Natello5 +his 2ro*ess is 2ortraye/
6elo75
www#redhat#com ,3 refarch'feed(ac)*redhat#com
Illustration %-1: 9atello Tem,late Im,ort
4.+ Application %i&ecycle (anagement
+he 14n*tionality o1 A22li*ation <i1e*y*le Banage0ent allo7s the Clo4/ Cons40er to *ontrol
the state o1 instan*es in the *lo4/: 7hether la4n*hing: sto22ing: 0onitoring: et*5 +he
14n*tionality o1 A22li*ation <i1e*y*le Banage0ent is 2rovi/e/ 6y several 2ro/4*ts: s2e*i1i*ally
• Con/4*tor
• Con/or
• A4/rey
• Delta*lo4/
• -0age Careho4se
8a(le -'-2 1efinitions /e1ines relevant ter0s 4se/ in this se*tion5
8erm E+planation
UU-D Universally UniD4e -/enti1ierJ an i/enti1ier 4niD4e 1or ea*h instan*e
Post-6oot
Con1ig4ration
(n*e an instan*e is initially la4n*he/: a*tivities are 2er1or0e/ to
a22ly *on1ig4ration an/ 2ara0eter settings: a// a//itional so1t7are
or /is, i0ages: 2rovi/e /ata to other syste0s 1or *on1ig4ration: an/
2re2are instan*es 1or *lo4/ 0anage0ent5
Table %-%: 4e(initions
(ne o1 the 0any 14n*tions o1 the Con/4*tor is to initiate an/ *o-or/inate all A22li*ation
<i1e*y*le Banage0ent a*tivities5 +he Con/4*tor is also the 0aintainer o1 the reso4r*e /ata
that is 4se/ in the 7or,1lo7 7hi*h /eter0ines the 6est s4ita6le la4n*h environ0ent5
Con/or 2rovi/es the 14n*tionality o1 a reso4r*e 0anager5 -n a//ition to s*he/4ling the *lo4/
instan*es: it ens4res that reso4r*es are availa6le an/ en1or*es D4ota an/ 2oli*y5 Con/or
*ontrols the state o1 *lo4/ instan*es: 7hether la4n*hing or /estroying5 -1 Con/or sees that an
instan*e is no longer o2erating: it restarts the instan*e 6ase/ 42on 2oli*y settings5
Co004ni*ation 7ith /i11erent *lo4/ 2rovi/ers is *ontrolle/ thro4gh the Delta*lo4/ /river5 +he
Delta*lo4/ /river *reates an a6stra*tion layer 6et7een the *ons40er an/ thir/ 2arty *lo4/s5
+his 0o/el allo7s Re/ 9at Clo4/&or0s to 14n*tion 7ith vario4s Clo4/ Provi/ers 7itho4t
reD4iring all *o02onents to 6e 7ritten 1or the s2e*i1i* Clo4/ Provi/er5
A4/rey is a set o1 tools that 2er1or0s 2ost-6oot *on1ig4ration o1 *lo4/ instan*es5 +he list o1
14n*tionality it 2rovi/es in*l4/es a22lying lo*al an/ intra-/e2loy0ent *on1ig4rations: a*tivating
reD4ire/ *lo4/ servi*es: 2rovi/ing se*4re a**ess to the syste0s: an/ 0onitoring the
/e2loy0ent5
refarch'feed(ac)*redhat#com ,7 www#redhat#com
-0age Careho4se stores the /es*ri2tions o1 the instan*es5 +hese /es*ri2tions are s422lie/ to
the *on1ig4ration server 1or *o02letion o1 any reD4ire/ a*tions5 +he 2ro*ess o1 la4n*hing an
instan*e is 2i*t4re/ as 1ollo7s5
+he Clo4/ Cons40er initiates a instan*e la4n*h 4sing the *lo4/ inter1a*e =1?5 Con/4*tor starts
the instan*e la4n*h 6y s460itting a reD4est 1or the instan*e 7ith Con/or =2?5 Con/or *on1ir0s
that the reD4est /oes not violate 2oli*y or D4ota: an/ 0at*hes the reD4est to a *lo4/ 2rovi/er5
(n*e 0at*he/: Con/or sen/s o4t t7o 2arallel 0essages =%? 7ith the UU-D to 6e 4se/ 1or the
instan*e an/ other *on1ig4ration /ata5 (ne is to the Delta*lo4/ /river to start the instan*e =$?5
+he other 0essage is to A4/rey to *on1ig4re the instan*e 7ith the 2rovi/e/ UU-D5 Con/or also
*onta*ts Natello to resolve entitle0ents 1or the la4n*he/ instan*es =%?5 A4/rey *onta*ts the
-0age Careho4se to retrieve the CD< an/ -C-C<A /ata an/ 2ass on the *on1ig4ration
reD4ests an/ UU-D on to the *on1ig4ration server =#?5 (n*e the *on1ig4ration server /is*overs
the r4nning instan*e 7ith the 0at*hing UU-D =6?: it *ontrols the 2ost-6oot *on1ig4ration
2ro*ess =7?5 -n*l4/e/ in the 2ost 6oot 2ro*ess is esta6lishing tr4ste/ i/entity an/ *re/entials5
(n*e the instan*e has *o02lete/ this 2ro*ess: the *on1ig4ration server 2asses instan*e /ata
to Con/4*tor5
(n*e the instan*e 6oots 42: the 2ost *on1ig4ration ta,es 2la*e5 +his sets any -P a//resses:
start servi*es: et*55 1or the i0age so it is rea/y to r4n5 -n the *ase o1 the loa/-6alan*er a 2ool o1
-P a//resses 04st 6e 2rovi/e/ an/ 2oli*ies 04st 6e set5 &or the 7e6 servers: they 04st 6e
*on1ig4re/ 7ith a /e1a4lt gate7ay an/ the 7e6 servi*es 04st 6e starte/5
www#redhat#com -$ refarch'feed(ac)*redhat#com
Illustration %-2: A,,lication 6i(ec-cle Instance 6aunc7
4., Cloud Services
Section -#, Application 1escription ;eneration 6roa*he/ the s46;e*t that asse06lies 0ay
in/i*ate 7hat servi*es they 2rovi/e or the servi*es they reD4ire5 Using a servi*e that the Clo4/
Cons40er /e1ine/ allo7s the intera*tion o1 04lti2le instan*es to 6e*o0e 2art o1 the
/e2loya6leEs re*i2e5 9o7ever: there 0ay 6e servi*es that a /e2loy0ent 0ay 4se that are not
2rovi/e/ in the *lo4/ 4sers /e2loya6le /e1inition5 Cloud Services are a//-ons to *lo4/
/e2loy0ents that ens4re *onsistent 14n*tionality a0ong vario4s *lo4/ 2rovi/ers5 +he 1ollo7ing
is a list o1 14n*tional areas that so0e 2lanne/ *lo4/ servi*es 0ay 2rovi/e
• Bonitoring
• Banaging
• Bessaging
• Ar*hival Storage
• Re2li*ation &ile Syste0 Storage
• Clo4/ -/ Banage0ent
• 9igh Availa6ility
Clo4/ Servi*es are s2e*ial servi*es that a 4ser /oes not nee/ to /e1ine: as a *onsistent
/e1inition is 2rovi/e/5 Clo4/ Servi*es are a//e/ to a /e2loya6leEs /e1intion 7hen the Clo4/
Cons40er in/i*ates they 7ish to in*l4/e the servi*e5 +he instan*e 0ay 6e s2a7ne/ as 2art o1
their /e2loya6le: or the *lo4/ 2rovi/er 0ay have a /e/i*ate/ instan*e availa6le in the *lo4/
7hi*h 2rovi/es the servi*e to 04lti2le tenants5
-#/#" %onitoring
Re/ 9at 4ses the Batahari
#
in1rastr4*t4re to allo7 0onitoring an/ *ontrolling agents on *lo4/
instan*es5 +he agents 2rovi/e/ allo7 the starting o1 a22li*ations an/ 2rovi/e the 0onitoring
4se/ in 9igh Availa6ility5
&or L)oss Anter2rise Bi//le7are *ontent: a 0anage0ent agent =L)oss (N? is installe/ via a
0anage/ servi*e /e1inition5 +his 0e*hanis0 *an 6e 4se/ 1or any a//itional 0anage/
*ontainers 4se/ in /e2loy0ents5
refarch'feed(ac)*redhat#com -" www#redhat#com
-#/#& %anaging
As 7ith non-*lo4/ environ0ents: Re/ 9at 2rovi/es Banage0ent *a2a6ilities 6oth 1or Re/ 9at
Anter2rise <in4' an/ L)oss Anter2rise Bi//le7are5
&or Re/ 9at Anter2rise <in4': the Clo4/ Cons40erEs a22li*ation *an 6e 42/ate/ in 2la*e 7hen
/e2loye/ 4sing Natello5 +his *a4ses the /e2loye/ i0ages to 1all o4t o1 *o02lian*e 7ith the
/e1initions an/ save/ i0ages store/ in the -0age Careho4se5 Chen a r4nning instan*e
/eviates 1ro0 the store/ i0age: it is i/enti1ie/ as /ivergent5 +he Clo4/ Cons40er *an /e*i/e
to leave this as the stat4s D4o: or re*on*ile the instan*es an/ save/ i0ages5 +o 0a,e the
i0ages *onsistent: Natello sen/s -0age &a*tory the list o1 *hanges it has a22lie/ to the
instan*e5 -0age &a*tory generates 42/ate/ CD<: i0ages: an/ -C-C<As 1or the /e2loy0ent5
+he 42/ate/ i0age or i0ages are 24she/ to -0age Careho4se 7hi*h the 24shes to the *lo4/
2rovi/er5
&or L)oss Anter2rise Bi//le7are: the Clo4/ Cons40er *an /e2loy their a22li*ation 4sing the
6asi* 2rovi/e/ in1rastr4*t4re: or 4se a L)oss (2erations Net7or, =L)oss (N? server5 -n the
e'a02le in this 2a2er: a L)oss (N server allo7s the Clo4/ Cons40er to 14lly 0onitor: *ontrol:
an/ 42/ate the L)oss Anter2rise a22li*ation5
-#/#, %essaging
Not only /oes the in1rastr4*t4re 4se ABHP in the 1or0 o1 BR3
6
1or *o004ni*ations internally:
64t Re/ 9at 7ill /e2loy the Bessaging *o02onent o1 Re/ 9at Anter2rise BR3 as the
Clo4/&or0sE Bessaging Servi*e5
BR3 Bessaging ,ey 1eat4res in*l4/e
• ABHP s422ort
• &le'i6le 0essaging 2ara/ig0s
• B4lti-lang4age *lient s422ort
• 9igh 2er1or0an*e
• +ransient an/ /4ra6le 0essaging
• &e/eration
• +ransa*tions
• Se*4rity
• H4e4e se0anti*s
• .B< s422ort
• Distri64te/ 0anage0ent *onsole
www#redhat#com -& refarch'feed(ac)*redhat#com
-#/#- Archival Storage
Ar*hival Storage: so0eti0es re1erre/ to as 6lo6 storage: is 2rovi/e/ as a 0etho/ 1or rea/ing
an/ 7riting large o6;e*ts5 +he 0e*hanis0 4se/ 1or i0age storage in -0age Careho4se is also
availa6le to the Clo4/ Cons40er 1or their o7n /ata5 (2erations s4*h as 7hole 1ile OgetP an/
O24tP are 2er1or0e/ via 9++P5 +he i02le0entation is 6ase/ on Pro;e*t 9ail
7
or Clo4/&iles 7ith
0o/i1i*ations s4*h as a /istri64te/ /ata6ase 1or tags an/ 0eta/ata5 +he /ata is store/ is a
shar/ 1or0at: 0eaning the /ata is /istri64te/ 4sing horiFontal 2artitioning5 Data is 7ritten to
one 2la*e: ho7ever: re2li*ation *an 6e 4se/ to /istri64te rea/s5 Re2li*ation is 2oli*y /riven
an/ *an 6e 6ase/ on o6;e*t *onte't: site: tags: se*4rity: et*55 +he -0age Careho4se /ae0on
2rovi/es the a6ility 1or a *a*hing or re2li*ation 2ro*ess to 24sh *o2ies to e'isting Ar*hival
Storage s4*h as A0aFonEs S%: Ra*,S2a*eEs Clo4/ 1iles: AF4re: 3oogle Storage or to another
7areho4se instan*e5 -1 re2li*ation is 6et7een 7areho4se instan*es: 7hen a reD4est 1or an
o6;e*t that has not 6een *o2ie/ to the *hil/ no/e is re*eive/: the o6;e*t is E24lle/E on /e0an/5
refarch'feed(ac)*redhat#com -, www#redhat#com
Illustration %-13: Arc7ival Stora!e
-#/#. Replicated File Sstem Storage
Clo4/&S 2rovi/es a /istri64te/ share/ 1ile syste0 1or *lo4/ 4se 7ith P(S-. se0anti*s5
Clo4/&S *an 6e in*l4/e/ in CD< /e1initions to 2rovi/e storage 1or state14ll an/ hy6ri/ *lo4/
/e2loy0ents5 -n a//ition: this 1ile syste0 is s4ita6le 1or /e2loy0ent 6y a *lo4/ 2rovi/er as a
2er0anent: share/ servi*e5 Clo4/&S is 6ase/ on 3l4ster&S an/ a//s the 1ollo7ing
*a2a6ilities
• Stronger a4thenti*ation an/ a4thoriFation
• An*ry2tion =AAS-128>AAS-2#6?: 6oth on the 7ire an/ on /is,
• B4lti-tenan*y =isolating tenantsE na0es2a*es 1ro0 one another?
• H4ota an/ a**o4nting s422ort
• B4lti-site re2li*ation
All o1 these 1eat4res *an 6e i02le0ente/ in a 0o/4lar 7ay: so that /e2loy0ents *an 4tiliFe
only those /ee0e/ ne*essary or a22ro2riate 1or their s2e*i1i* sit4ation5
-#/#/ Cloud 4d %anagement
Clo4/ -/ Banage0entEs 0ain goal is to trans2arently integrate 7ith the e'isting i/entities an/
i/entity 0anage0ent syste0s 2resent in the enter2rise5 -/entity 0anage0ent in Re/ 9at
Clo4/&or0s is a**o02lishe/ thro4gh Re/ 9at Anter2rise -/entity =-PA?
8
2ro;e*t is 6ase/ on
the o2en so4r*e &ree-PA 2ro;e*t
"
5 &ree-PA is an a4thenti*ation an/ a4thoriFation 1ra0e7or,
1or large-s*ale <in4' an/ Uni' /e2loy0ents5 -t integrates servers 1or Ner6eros: <DAP: DNS:
an/ .#0" Certi1i*ates into a se*4re: relia6le: an/ s*ala6le i/entity 0anage0ent sol4tion5
www#redhat#com -- refarch'feed(ac)*redhat#com
-n a *o00on s*enario: 7hen a Clo4/ Cons40er instantiates a reso4r*e: there are several
entities to 6e *onsi/ere/
Entit 1escription ?otes
User
Clo4/ Cons40er
-n *onte02orary /e2loy0ents
a4thenti*ation is 2re/o0inantly
thro4gh A*tive Dire*tory Do0ain
Servi*es =ADDS?5
Ba*hine
Syste0 7hi*h the Clo4/
Cons40er 4ses to a**ess the
Clo4/&or0s environ0ent
Clo4/ Cons40erIs 7or,station 7hi*h
0ay or 0ay not 6e *onne*te/ to an
a4thenti*ating agent5
Clo4/&or0s
Clo4/&or0s in1rastr4*t4re
Uses Re/ 9at Clo4/&or0s internal
se*4re a4thenti*ation5
-nstan*e
Clo4/ Cons40erEs
/e2loy0ent>instan*es
Bay 4se a se2arate or an e'isting
/o0ain5
Table %-): Identit- 4omains
Re/ 9at Clo4/&or0s ta,es a/vantage o1 an internal -PA instan*e or ena6les 2ro'y
a4thenti*ation to the e'ternal ADDS server=s? in *ase a *lo4/ *ons40er has 04lti2le /o0ains5
Clo4/&or0s a//resses the 4se *ase o1 enter2rise Single Sign-(n =SS(? allo7ing the Clo4/
Cons40er *re/entials a*D4ire/ 6y logging into their 7or,station to 6e res2e*te/ 6y the Clo4/
-nter1a*e: th4s the Clo4/&or0s in1rastr4*t4re5 A//itional 14n*tionality allo7s the Clo4/
Cons40erEs i/entity to 6e res2e*te/ a*ross /i11erent i/entity /o0ains: th4s the Clo4/
*ons40er 7ill 6e a6le to /ire*tly a**ess la4n*he/ instan*es5
Using Syste0 Se*4rity Servi*es Dae0on =SSSD?
10
*ross ,er6eros tr4st 14n*tionality 6et7een
-PA an/ ADDS *an 6e esta6lishe/5 +he 1a*t that 04lti2le i/entity /o0ains 04st 6e *onsi/ere/
*reates a *o02le' 0atri' o1 4se *ases - 0ost o1 7hi*h Clo4/&or0s s422orts5 9o7ever: there
are li0itations that Clo4/&or0s 0ight not 6e a6le to a//ress in the near 14t4re as liste/ 6elo75
@se Case Status
Loining a Cin/o7s
0a*hine into the -PA
/o0ain
-t is not 2ossi6le to 0a,e a Cin/o7s 0a*hine 6e a 2art o1 -PA
/o0ain sin*e it has 2ro2rietary 2roto*ols that -PA /oes not 2lan
to s422ort in the near ter0 14t4re
Changing the 7ay
Cin/o7s 0a*hine
;oins /o0ain
-t is the sa0e 2ro6le0 64t the *lient si/e sol4tion5 Clo4/&or0s
/o not 2lan to 2rovi/e a *lient so1t7are 1or the Cin/o7s
7or,station to ;oin an -PA /o0ain: ho7ever: a sol4tion 0ight 6e
2rovi/e/ 6y the Re/ 9at 2artners in the 14t4re5
Table %-+: :se Cases 6imitations
refarch'feed(ac)*redhat#com -. www#redhat#com
-#/#0 High Availa(ilit
+he o2tional 9igh Availa6ility *lo4/ servi*e has the goal to /eliver 0a'i040 a22li*ation
servi*e availa6ility 1or a *olle*tion o1 /e2loy0ents5 +his is a*hieve/ 6y the /ete*tion or
re*overy o1 1ail4res in any o1 the 1ollo7ing *o02onents o1 a /e2loy0ent
15 Bonitore/ A22li*ations
25 -n/ivi/4al -nstan*es o1 De2loy0ents
%5 Cl4ster Servi*es
$5 Antire De2loy0ents
Re*overy 1ro0 a /ete*te/ 1ail4re 0ay reD4ire ter0inations o1 *o02onents o1 the /e2loy0ent5
+he restarting o1 *o02onents is *ontrolle/ 6y either Batahari agents or Con/or5 +he 1ollo7ing
ill4stration /e2i*ts a 6asi* 9igh Availa6ility Con1ig4ration5
www#redhat#com -/ refarch'feed(ac)*redhat#com
Illustration %-11: Hi!7 Availabilit- Standard Cloud Polic- &n!ine
+he 9igh Availa6ility Servi*e also has the a6ility to es*alate 1ail4res as /eter0ine/ 6y the
Cloud Policy !ngine, as sho7n 6elo75 +he 24r2ose o1 es*alating 1ail4res allo7s a re2etitive
lo7er level 1ail4re to 6e re*overe/ 4sing a higher level re*overy5 &or e'a02le: i1 an a22li*ation
1ails 10 ti0es in %0 0in4tes: the Clo4/ Cons40er 0ay 7ish to es*alate the a22li*ation 1ail4re
into an instan*e 1ail4re5 +he Clo4/ Poli*y Angine is i02le0ente/ 4sing 42strea0 Pa*e0a,er
11
servi*es5
refarch'feed(ac)*redhat#com -0 www#redhat#com
Illustration %-12: Hi!7 Availabilit- Advanced Cloud Polic- &n!ine
. High <evel Architectural E+ample
+his se*tion ta,es a high level a22roa*h in /e0onstrating the 2ro*ess o1 /e1ining an
a22li*ation into a Re/ 9at Clo4/&or0s environ0ent5 &or this /is*4ssion: the a*tivities to
s422ort the Clo4/ Cons40er have 6een ass40e/: in other 7or/s: the 1o*4s is on ho7 the
Clo4/ Cons40er i02le0ents their a22li*ation not the *on1ig4ration o1 the in1rastr4*t4re5
+his Clo4/ Cons40er 7o4l/ li,e to 2resent a 0anage/: highly-availa6le 7e6 retail 2resen*e
7hi*h o11ers /igital 2ro/4*ts s4*h as ringtones: a22s: e-6oo,s: 04si*: et*5 +he s2e*i1i* *lo4/
2rovi/er that hosts the retail 2resen*e is not a 2riority5 +he reD4ire0ents are s4*h that the
Clo4/ Cons40er *an a**ess their store 7hile *ontrolling the entire li1e *y*le 0anage0ent o1
the a22li*ation: e5g5 /e1ine: /e2loy: 42/ate: s*ale: 0anage =0igrate: sna2hot>6a*,42?: an/
tear-/o7n5
+he "vervie# se*tion 1ollo7s the 2ro*ess o1 2lanning an/ /esigning the retail store5 +he
Define se*tion 2rovi/es the s2e*i1i* /e1initions that 7o4l/ 6e i02le0ente/5
www#redhat#com -3 refarch'feed(ac)*redhat#com
+.1 -verview
Chether or not one is 4sing a *lo4/: virt4aliFation: or 6are 0etal: a retail 2resen*e reD4ires
2lanning an/ /esign5 +his ty2e o1 a22li*ation 4ses a 04lti-tier 0o/el to allo7 1or s*ala6ility an/
availa6ility5 +hese tiers *onsist o1 a 7e6 tier: a22li*ation tier: an/ /ata6ase tier: as sho7n the
/iagra0 that 1ollo7s5
Ce6 servers are 4se/ to 2rovi/e the 1ronten/5 A reverse 2ro'y is 4se/ to *a*he stati* *ontent:
7hile /yna0i* *ontent is generate/ 6y a *4sto0iFe/ Lava Anter2rise A/ition =AA? a22li*ation5
Lava AA 0i//le7are 2rovi/es a /ata6ase /river 7hi*h allo7s 1or the *onne*tivity 6et7een the
7e6 1ronten/ an/ the /ata6ase 6a*,en/ in an a6stra*te/ 1ashion5
Chile a sol4tion 1or the retail 2resen*e *o4l/ 6e hoste/ on a single syste0: this sol4tion 4ses
04lti2le 7e6 servers to 2rovi/e s*aling an/ a*tive>a*tive availa6ility5 9ar/7are or so1t7are
6ase/ loa/ 6alan*ing 0ay 6e 4se/ to s2rea/ the reD4ests a*ross the 2arti*i2ating 7e6
servers: 64t this i02le0entation 4ses a so1t7are-6ase/ loa/ 6alan*er5 +he 0i//le7are is
hoste/ on the sa0e syste0s as the 7e6-server: 4tiliFing *l4stering to 0aintain availa6ility an/
*onsisten*y5 +he loa/ 6alan*er: reverse 2ro'y: an/ /ata6ase are ea*h se2arate syste0s5
refarch'feed(ac)*redhat#com -7 www#redhat#com
Illustration )-1: A,,lication Tiers
&or high availa6ility o1 the loa/ 6alan*er: reverse 2ro'y: an/ /ata6ase server: the a*tive
instan*e is 0onitore/5 U2on a /isr42tion in the servi*e: a re2la*e0ent server is instantiate/5
&or the /ata6ase server: this reD4ires the storage to 6e highly availa6le: highly relia6le: an/
2ersistent5 +his storage 04st 6e a6le to 6e /isasso*iate/ 7ith the ol/ instan*e an/ asso*iate/
7ith the ne7 instan*e5 A Clo4/ Servi*e that 2rovi/es a Clo4/ &ileSyste0 is 4se/5
+he 2ro*ess o1 /ire*ting net7or, tra11i* to the site 0ay reD4ire a Virt4al Private Net7or,
*on1ig4ration5 -1 the /e2loy0ent is o2en to the internet: a DNS 42/ate is 2ossi6le5
+o s400ariFe: 8a(le .'"2 Store Components lists all a*tive syste0s 6y 14n*tionality 2lanne/
1or the initial /e2loy0ent5
4nstance ?ame
4nstance
Count
Role
loa/-6alan*er01 1 Distri64te -n*o0ing ReD4ests
reverse-2ro'y01 1 Serve stati* *ontent D4i*,ly
/ata6ase01 1 Store /ata 1or a22li*ation
4ser-a22-store01-0% %
9ost 4ser a22li*ations
=7e6server: 0i//le7are:
*l4steriFe/ LAA instan*e 7ith
LD)C instan*es
Table )-1: Store Com,onents
www#redhat#com .$ refarch'feed(ac)*redhat#com
+he 1ollo7ing /iagra0 re2resents the entire a22li*ation /e2loy0ent5
Not all the syste0s have the sa0e *o024te: 0e0ory: or -( reD4ire0ents5 &or e'a02le: a loa/
6alan*er 0ay have 0ini0al reD4ire0ents in regar/s to storage s2a*e: ho7ever: the storage
1or a /ata6ase is 0ore *riti*al5
+.2 )e&ining Application )eployment
+his se*tion /e1ines the a22li*ation in ter0s o1 the +e02lates: Asse06lies: an/ the
De2loya6le5 +he Clo4/ Cons40er has the o2tion to s422ly *on1ig4ration an/>or *4sto0iFation
2ara0eters in*l4/ing a s*ri2t 1or the vario4s *o02onents5
.#&#" 1efine 8emplates
As /es*ri6e/ in /etail in +a6le $-2 De1initions: a +e02late is a re*i2e o1 7hat so1t7are sho4l/
6e in a /is, i0age5 +his /es*ri2tion is the list o1 so1t7are *ontaine/ in the /is, i0age: along
7ith 0eta/ata i/enti1ying the s422orte/ )ase (S5 +he )ase (S te02late is 2rovi/e/ 6y either
a Clo4/ Provi/erEs /e1inition or 1ro0 a Natello /e1inition5
refarch'feed(ac)*redhat#com ." www#redhat#com
Illustration )-2: Retail ;eb Store A,,lication 4e,lo-ment
All +e02lates are /e1ine/ as reD4ire/ 1or the 1inal a22li*ation sta*, as /etaile/ 6elo75
8emplate ReAuirements :oot
rhel6Q6ase rhel-'86Q6$-server-6 R
l6 rhel-'86Q6$-server-l6-6 N
r2ro'y sD4i/ N
/6 PostgreSH< N
a22Qserver L)oss Anter2rise A22li*ation Plat1or0 N
a22Qstore User s422lie/ a22li*ation 64n/le N
Table )-2: Tem,lates
.#&#& 1efine Assem(lies
An Asse06ly is a list o1 +e02lates: one o1 7hi*h 04st /es*ri6e a 6oota6le i0age5 Asse06lies
also /es*ri6e the servi*e *on1ig4rations that are 2rovi/e/ an/ reD4ire/ 6y the asse06ly5 Aa*h
asse06ly that in/i*ates it reD4ires 0anage0ent res4lt in L)oss (N an/ Natello 2arti*i2ating in
0anaging the instan*e5 +he Asse06lies 4se/ 1or this sol4tion are /etaile/ in the 1ollo7ing
ta6le5
Assem(l ?ame 8emplates 4ncluded Services Provided Services ReAuired
loa/-6alan*er rhel6Q6ase: l6 loa/-6alan*er
7e6-i2 =a**e2ts 04lti2les?:
*ontent-0anage0ent
reverse-2ro'y rhel6Q6ase: r2ro'y reverse-2ro'y *ontent-0anage0ent
/ata6ase rhel6Q6ase: /6 /ata6ase
*lo4/-storage =2rovi/e/ 6y
Clo4/&S?: *ontent-
0anage0ent
a22-store
rhel6Q6ase: /6:
a22Qserver: a22Qstore
a22Qserver
7e6-i2
/ata6ase: reverse-2ro'y:
loa/-6alan*er: *ontent-
0anage0ent: L(N-
0anage0ent
Table )-3: Assemblies
www#redhat#com .& refarch'feed(ac)*redhat#com
.#&#, 1efine 1eploa(le
No7 the *o02lete sol4tion sta*, *an 6e /e1ine/ as a De2loya6le: 7hi*h is *o02ose/ o1
Asse06lies an/ a//itional 0eta-/ata5 Chen instantiate/: ea*h Asse06ly is *reate/ a**or/ing
to s2e*i1ie/ 2ara0eters55 8a(le .'-2 1eploa(le lists all relevant *o02onents5
4nstance ?ame Assem(lies 4ncluded 4nstance Count 8argeting 1ata
loa/-6alan*er01 loa/-6alan*er 1 S0all instan*e siFe
reverse-2ro'y01 reverse-2ro'y 1 Be/i40 instan*e siFe
/ata6ase01 /ata6ase 1 <arge instan*e siFe
4ser-a22-store01-0% a22-store % Be/i40 instan*e siFe
Table )-%: 4e,lo-able
refarch'feed(ac)*redhat#com ., www#redhat#com
/ 1etailed Architectural Bor)flows
+his se*tion /es*ri6es the 0a;or 1lo7 o1 a*tivity that Re/ 9at Clo4/&or0s 2er1or0s 7hen a
Clo4/ Cons40er initiates Re/ 9at Clo4/&or0s a*tions as /es*ri6e/ in High <evel
Architectural E+ample5 +he 1ollo7ing 7or,1lo7 sho7s the high-lever overvie7 1or this
2ro*ess5
www#redhat#com .- refarch'feed(ac)*redhat#com
Illustration +-1: Hi!7-level Instance ;or$(lo0
,.1 Functionality (apping
-n the 2revio4s se*tions 14n*tionality 7as /es*ri6e/ as 2er1or0e/ 6y A22li*ation Des*ri2tion
3eneration: A22li*ation <i1e*y*le Banage0ent: Content Provision Banage0ent: -0age
<i1e*y*le Banage0ent: an/ Clo4/ -nter1a*e5 -n this se*tion the a*t4al 2ro/4*t *o02onents
1ro0 Re/ 9at Clo4/&or0s are 4se/5 +he 1ollo7ing ill4stration 0a2s 14n*tionality to
Clo4/&or0s 2ro/4*ts5 Clo4/ -nter1a*e re0ains a6stra*te/ as it re2resents an inter1a*e to ea*h
*o02onent: an/ Clo4/ Servi*es are invo,e/ as nee/e/5
refarch'feed(ac)*redhat#com .. www#redhat#com
Illustration +-2: Functionalit- to Product a,,in!
+he Pro/4*t Classi1i*ation 0a2s in the 1ollo7ing 7ay into the ar*hite*t4re as re2resente/ in
the 1ollo7ing /iagra05
,.2 Assumptions
+he ass402tions 7hi*h 1ollo7 are either 1airly straight1or7ar/ a*tions: or a*tions that are
/es*ri6e/ in 0ore /etail in a 14t4re Re1eren*e Ar*hite*t4re5Ce
Ass40e/ A*tivities
• All 4sers have 6een *reate/ 7ith reD4ire/ 2er0issions to 2er1or0 the a*tivities
atte02te/
• A Pool>Pool &a0ily has 6een esta6lishe/ 7ith the a**o4nt a**ess reD4ire/ 1or the
*onstit4ent *lo4/ 2rovi/ers
• All in1rastr4*t4re an/ s422ort 14n*tions have 6een 2er1or0e/ e5g5: Re/ 9at Clo4/&or0s
has 6een installe/ an/ *on1ig4re/
www#redhat#com ./ refarch'feed(ac)*redhat#com
Illustration +-3: Arc7itectural /vervie0
,.3 )e&ine
+he se*tion High <evel Architectural E+ample 2rovi/es the *ontent /etails o1 /e1ining the
+e02lates: Asse06lies: an/ De2loya6le to s2e*i1y the on-line store a22li*ation5
/#,#" 8emplates
:ase OS
+he 6ase (2erating Syste0 is *hosen 1ro0 a list o1 availa6le 2re-*on1ig4re/ Re/ 9at
Anter2rise <in4' 6 i0ages5 -n this *ase these are A0aFon AC2 Ba*hine -0ages =AB-?: 64t
0ay 6e 2rovi/e/ 6y the Clo4/ Provi/er5 +he 2ro*ess is sho7n in the 1ollo7ing /iagra0 7hi*h
*ontains seD4ential n406ers that *orrelate to the n406ere/ ste2s that 1ollo75
15 Clo4/ Cons40er s2e*i1ies the *reation o1 a ne7 te02late 4sing Re/ 9at Anter2rise
<in4' 6 6ase (S 1or A0aFon Ce6 Servi*es =ACS?
25 Con/4*tor *onta*ts -0age Careho4se to retrieve the list o1 availa6le AB-s
%5 Con/4*tor generates +e02late CD< 6ase/ on Clo4/ Cons40er in24t
$5 Con/4*tor saves +e02late CD< to lo*al D) 4n/er Clo4/ Cons40er a**o4nt
refarch'feed(ac)*redhat#com .0 www#redhat#com
Illustration +-%: Create AI Tem,late
8emplate for ?on':oot 4mage
+he 2ro*ess o4tline/ 6elo7 1or the loa/ 6alan*er +e02late sho4l/ 6e re2eate/ 1or ea*h o1 the
re0aining +e02lates: as /e2i*te/ in the ill4stration that 1ollo7s5
• Piranha loa/ 6alan*er
• SD4i/ reverse 2ro'y
• PostgreSH< /ata6ase
• L)oss Anter2rise A22li*ation Plat1or0
• Clo4/ *ons40er 42loa/e/ a22li*ation
15 Clo4/ Cons40er s2e*i1ies the *reation o1 a ne7 te02late 6ase/ on Re/ 9at Anter2rise
<in4' 6
25 Con/4*tor *onta*ts Natello to o6tain list o1 relate/ availa6le so1t7are
%5 Natello 2rovi/es a list o1 2a*,ages>so1t7are gro42s availa6le
$5 Clo4/ *ons40er sele*ts Oloa/-6alan*erP 2a*,age gro42 =re1er to 8a(le .'&2 8emplates?
#5 Con/4*tor generates +e02late CD< 6ase/ on 4ser in24t
65 Con/4*tor saves +e02late CD< =to lo*al D) 4n/er Clo4/ Cons40er a**o4nt?
www#redhat#com .3 refarch'feed(ac)*redhat#com
Illustration +-): 4e(ine Tem,late
/#,#& Assem(lies
+he 2ro*ess o4tline/ 6elo7 1or the <oa/-6alan*er Asse06ly sho4l/ 6e re2eate/ 1or ea*h o1
the re0aining Asse06lies5 +he 2ro*ess to *reate ea*h Asse06ly is sho7n 6elo75
• Reverse 2ro'y
• Data6ase
• A22 Store
15 Clo4/ Cons40er s2e*i1ies ne7 <oa/-6alan*er Asse06ly 7ith Re/ 9at Anter2rise
<in4'6 )ase an/ Piranha as the +e02lates =re1er to 8a(le .',2 Assem(lies?
a? -n*l4/es Re/ 9at Anter2rise <in4' 6 )ase +e02late
6? -n*l4/es <oa/ )alan*e +e02late
*? -/enti1ies that it 2rovi/es loa/ 6alan*e Servi*e
/? -/enti1ies that it reD4ires one or 0ore Ce6 -P a//resses
e? S2e*i1ies it reD4ires 0anage0ent
25 Con/4*tor generates Asse06ly 6ase/ on Clo4/ Cons40er in24t
%5 Con/4*tor saves Re/ 9at Anter2rise <in4' 6 Ce6 Server Asse06ly CD< to D) 4n/er
Clo4/ Cons40er a**o4nt
refarch'feed(ac)*redhat#com .7 www#redhat#com
Illustration +-+: 4e(ine Assembl-
/#,#, 1eploa(le
-n this ste2 the Clo4/ Cons40er /e1ines the overall De2loya6le 7hi*h *onsists o1 the
2revio4sly *reate/ Asse06lies5 +he 7or,1lo7 is 2i*t4re/ ne't5
15 Clo4/ Cons40er s2e*i1ies ne7 De2loya6le
a? 1 instan*e o1 loa/-6alan*er Asse06ly 7ith na0e loa/-6alan*er01 an/ siFe s0all
6? 1 instan*e o1 reverse-2ro'y Asse06ly 7ith na0e reverse-2ro'y01 an/ siFe 0e/i40
*? 1 instan*e o1 /ata6ase Asse06ly 7ith na0e /ata6ase01 o1 siFe large
/? % instan*es o1 a22-store 7ith na0e 4ser-a22-store01-0% o1 siFe 0e/i40
25 Con/4*tor generates Re/ 9at Anter2rise <in4' 6 Ce6 Server De2loya6le 6ase/ on
Clo4/ Cons40er in24t
%5 Con/4*tor saves the Re/ 9at Anter2rise <in4' 6 Ce6 Server De2loya6le CD< to D)
4n/er Clo4/ Cons40er a**o4nt
www#redhat#com /$ refarch'feed(ac)*redhat#com
Illustration +-.: 4e(ine 4e,lo-able
,.4 )eploy
+he Clo4/ Cons40er has 2lanne/ an/ /e1ine/ a22li*ation /e2loy0ent: in24tting the
/e1initions in Re/ 9at Clo4/&or0s5 +his se*tion /etails the 2ro*ess o1 0a,ing the a22li*ation
live5
/#-#" :uild
+he 64il/ 2ro*ess is /es*ri6e/ in the 1ollo7ing /iagra0 an/ e'2lains ho7 a +e02late re*i2e is
0a/e into a /is, i0age5 -n o4r e'a02le: the )ase (S is not 64ilt 64t 2rovi/e/ 6y an A0aFon
AC2 AB-5
15 Clo4/ Cons40er 42loa/s L)oss 64n/le to L)oss (N
25 L)oss (N 24shes to Natello
%5 Clo4/ Cons40er initiates 64il/ a*tion 1ro0 Con/4*tor
$5 Con/4*tor sen/s 0essage to -0age &a*tory to 64il/ i0age
#5 -0age &a*tory re*eives reD4est to 64il/ i0age
refarch'feed(ac)*redhat#com /" www#redhat#com
Illustration +-1: Ima!e #uild
65 -0age &a*tory *alls 64il/ 2ro*ess
a? *reates a te02orary VB
6? 4ses Natello as so4r*e to 64il/ 0ini0al VB
*? 0ani24lates 0ini0al VB to allo7 te02orary a**ess
/? installs re0aining reD4este/ 2a*,ages>so1t7are
e? installs so1t7are an/ 42/ates *on1ig4ration reD4ire/ to s422ort *lo4/ environ0ent:
in*l4/ing any so1t7are nee/e/ 1or Banage0ent
1? generates -C-C<A
g? 4n/oes 0ani24lation 1ro0 *? that allo7e/ te02orary a**ess
75 -0age &a*tory 24shes i0age: -C-C<A: te02late to -0age Careho4se
85 -0age Careho4se>-0age &a*tory 2re2ares i0age 1or Clo4/ Provi/er an/ 246lishes
a? -0age Careho4se 42/ates its D)
6? -0age Careho4se tells -0age &a*tory i0age is rea/y at Clo4/ Provi/er
*? -0age &a*tor tells Con/4*tor i0age is rea/y at Clo4/ Provi/er
"5 Con/4*tor 42/ates D) an/ Clo4/ -nter1a*e
&or non-6oota6le i0ages a VPA+9
12
install is /one: an/ the relevant /ire*tory str4*t4res are
64il/ into a /is, i0age5 -n a//ition the 0eta-/ata reD4ire/ to 0o4nt an/ lin, the /is, i0age in
04*h the sa0e 7ay alternatives are 0anage/ is re*or/e/5
www#redhat#com /& refarch'feed(ac)*redhat#com
/#-#& 4nstantiate
+he ste2s to la4n*h the on-line store /e2loya6le are 2i*t4re/ ne't5 +his is a /etaile/ 2ro*ess
7hi*h /etails 0any ste2s5
15 Clo4/ Cons40er in/i*ates the start o1 a /e2loya6le in a 2arti*4lar 2ool
25 Con/4*tor *reates a *on/or reD4est to start all 6 instan*es
• loa/-6alan*er01
• reverse-2ro'y01
• /ata6ase01
• 4ser-a22-store01: 4ser-a22-store02: 4ser-a22-store0%
%5 Clo4/ Cons40er is 2ro02te/ 1or any 0issing 2ara0eters that are reD4ire/
$5 Con/or a**e2ts an/ D4e4es reD4est
refarch'feed(ac)*redhat#com /, www#redhat#com
Illustration +-2: 4e,lo-able 6aunc7 Process
#5 Con/or atte02ts to 0at*h reD4est 4sing 2ro*ess o4tline in the 7or,1lo7 6elo75 Con/or
6egins 6y interrogating Con/4*tor to 1in/ availa6le *lo4/ 2rovi/er5
65 -1 a 0at*h is s4**ess14l: Con/or in1or0s Delta*lo4/ to start instan*es an/ in1or0s
A4/rey to *on1ig4re instan*es: 2rovi/ing one ti0e *re/entials: UU-D: an/ other host
i/entity in1or0ation 1or ea*h i0age5 Con/or also *o004ni*ates 7ith NatelloEs
Can/le2in
1%
to reserve entitle0ents 1or ea*h instan*e5 +his is reD4ires three a*tions5
75 Delta*lo4/ re*eives la4n*h reD4ests 1ro0 *on/or an/ initiates instan*es5
85 A4/rey reD4ests CD< an/ -C-C<A 1or ea*h instan*e
www#redhat#com /- refarch'feed(ac)*redhat#com
Illustration +-13: Condor Resource atc7in!
"5 As ea*h instan*e is la4n*he/: a te02orary se*4re *onne*tion is esta6lishe/ 4sing /ata
*olle*te/ 1ro0 the Clo4/ Cons40er5
• Using the te02orary se*4re *onne*tion: long-ter0 i/entity an/ *re/entials are 4se/
1or a4thenti*ate/ *onne*tions5
• ReD4ire/ VPN *onne*tions are esta6lishe/5
105 Aa*h instan*e 2rovi/es its UU-D to the A4/rey *on1ig4ration server: starting any
re0aining *on1ig4ration=s?5 +he 1ollo7ing a*tions are 2er1or0e/: ho7ever: not
ne*essarily in the or/er 2rovi/e/5
• All instan*es
◦ stan/ar/ *on1ig4ration in*l4/ing 6asi* server an/ *lo4/ s2e*i1i* /etails are
retrieve/ 1ro0 *on1ig4ration server
◦ stan/ar/ *on1ig4ration s*ri2ts are a22lie/
◦ non-6oota6le i0ages are 0o4nte/ an/ integrate/
• <oa/-6alan*er01 instan*e
◦ 7aits 1or 7e6--Ps *on1ig4ration s*ri2t 1ro0 *on1ig4ration server
◦ 7e6--P *on1ig4ration s*ri2ts are a22lie/
◦ 2rovi/es loa/ 6alan*er 2ara0eters to *on1ig4ration server
◦ in1or0s *on1ig4ration server that *on1ig4ration is *o02lete
• reverse-2ro'y01 instan*e
◦ 2rovi/es reverse 2ro'y 2ara0eters to *on1ig4ration server
◦ in1or0s *on1ig4ration server that *on1ig4ration is *o02lete
• /ata6ase01 instan*e
◦ 7aits 1or Clo4/&S K /ata6ase *on1ig4ration s*ri2ts 1ro0 *on1ig4ration server
◦ Clo4/&S *on1ig4ration s*ri2t is a22lie/
◦ /ata6ase *on1ig4ration s*ri2t is a22lie/
◦ 2rovi/es /ata6ase server 2ara0eters to *on1ig4ration server
◦ in1or0s *on1ig4ration server that *on1ig4ration is *o02lete
refarch'feed(ac)*redhat#com /. www#redhat#com
• 4ser-a22-store01-0% instan*es
◦ ea*h instan*e starts L)oss agents
◦ agents *onne*t 7ith L)oss (N
◦ ea*h instan*e 2rovi/es 7e6--P 2ara0eters to *on1ig4ration server
◦ ea*h instan*e 7aits 1or a22-store *on1ig4ration s*ri2ts 7hi*h *ontain the
/ata6ase: reverse-2ro'y: an/ loa/-6alan*er 2ara0eters
◦ ea*h instan*e a22lies a22-store *on1ig4ration s*ri2t
◦ in1or0s *on1ig4ration server that *on1ig4ration is *o02lete
• Clo4/&S Servi*e
◦ 7aits 1or Clo4/&S 2ara0eters 1ro0 *on1ig4ration server
◦ a22lies Clo4/&S *on1ig4ration
◦ in1or0s *on1ig4ration server that servi*e is rea/y
• A4/reyEs *on1ig4ration server
◦ 7aits 1or ea*h instan*e to 2rovi/e 2ara0eters: 7hi*h it 4se/ to generate
*oor/inate/ a22li*ation *on1ig4ration: 7hi*h is sent in the 1or0 o1 s*ri2ts to ea*h
instan*e
◦ 7aits 1or *on1ig4ration to *o02lete 1ro0 ea*h instan*e: then 2re2ares trans0its
instan*e /ata to Con/4*tor
115 A4/rey Con1ig4ration Server trans0its instan*e /ata to Con/4*tor
,.+ (anage
+his se*tion 2rovi/es insight to the a*tions that *an 6e 2er1or0e/ on a /e2loy0ent a1ter
la4n*h5 +he 1ollo7ing a*tivities are a//resse/
• U2/ating
• Baintaining>S4s2en/ing
• S*aling
• Bigrating
• Re2orting
• )4siness Contin4ity
• Ali0inating
www#redhat#com // refarch'feed(ac)*redhat#com
/#.#" @pdating
+here are 04lti2le targets 1or 42/ating in a /e2loy0ent5 +he 0ost *o00on 7o4l/ 6e errata
an/ so1t7are 42/ates5 (thers in*l4/e 42/ating the 4ser 2rovi/e/ a22li*ation 7hi*h 0ay
reD4ire a//itional so1t7are: *lo4/ servi*e 42/ates or ne7 o11erings: or *hanges in the
/e2loya6leEs /e1inition5
+hese 42/ates *an ha22en 6y three /i11erent 0etho/s *ontrolle/ 6y 4ser 2oli*y5
• live 42/ate M Natello>L)oss (N 42/ate r4nning /e2loya6le
• restart o1 /e2loy0ent M /e1inition is 42/ate/: then re/e2loye/
• hy6ri/ M live 42/ate 1ollo7e/ 6y an 42/ate/ CD< 7hi*h 24shes an/ reD4ires a restart
/#.#& %aintainingCSuspending
+he Clo4/ Cons40er 0ay /esire to te02orarily have their a22li*ation sto2 2ro*essing so that
0o/i1i*ations *an 6e 0a/e: then allo7 2ro*essing to res40e5 +his 2ro*ess 1ollo7s the ste2s
6elo7
• sto2 all instan*es o1 the /e2loy0ent
• retain sna2shot 1ro0 all instan*es
• 2er1or0 0aintenan*e>0o/i1i*ation
• *ontin4e instan*es 1ro0 sna2hot
/#.#, Scaling
+he Clo4/ Cons40er 0ay 1in/ that they 7ish to s*ale 42 or /o7n their r4nning /e2loy0ent5
+he o2tions availa6le in*l4/e the 1ollo7ing
• 42/ate /e2loya6le /e1inition to in*l4/e 0ore or larger instan*es: then restart entire
/e2loy0ent
• 4sing the sa0e /e2loya6le /e1inition: start 0ore /e2loy0ents
• 42/ate /e2loya6le /e1inition: a22ly *hanges an/ *on/or starts>sto2s a22ro2riately
• a4to0ati*ally in*rease or /e*rease n406er o1 instan*es in /e2loya6le 6ase/ on
*a2a*ity 0eas4re0ent as 0onitore/ 7ith Batahari
/#.#- %igrating
(n*e a /e2loy0ent has 6een r4le/ 4nsta6le: the e'isting /e2loy0ent is sto22e/ an/ a
/e2loy0ent 4sing the sa0e /e1inition is starte/ at a /i11erent *lo4/ 2rovi/er5
refarch'feed(ac)*redhat#com /0 www#redhat#com
/#.#. Reporting
+he *ategories o1 re2orting relating to a r4nning /e2loy0ent in*l4/e
• a22li*ation>instan*e>/e2loy0ent stat4s
• reso4r*e 4sage re2orts
• a22li*ation s2e*i1i* re2orts =0atahari agent /e2en/ent?
/#.#/ :usiness Continuit
Chether the Clo4/ Cons40er is 4sing a *lo4/ or not: the i/ea o1 g4aranteeing that /ata is not
lost is a 2riority5 Chile the 0etho/s have not 6een resolve/ as to 4sing live sna2shots: 6a*, 42
an/ ar*hival so1t7are: or /ata re2li*ation: ea*h o1 the 1ollo7ing is 2ossi6le5
• Point in +i0e 6a*,42 o1 i0age an/ /ata storage M restora6le to 2revio4s lo*ation
• Bigration o1 /ata 1ro0 2la*e to another
• )a*,42 o1 /ata to a re0ote lo*ation: restora6le to a /i11erent lo*ation
/#.#0 Eliminating
Chen the Clo4/ Cons40er /eter0ines that a /e2loy0ent is no longer nee/e/: any i0ages at
the *lo4/ 2rovi/er *an 6e /is*ar/e/5 +he res2onsi6ility to *on1ir0 any reD4ire/ /ata has 6een
re2li*ate/ to a lo*ation that allo7s at-7ill a**ess is 42 to the Clo4/ Cons40er5
www#redhat#com /3 refarch'feed(ac)*redhat#com
0 Architectural Operational Fle+i(ilit
+he e'a02le that 7as 2revio4sly /etaile/ in this 2a2er 7as one 2ossi6le 0etho/ o1
i02le0enting a Clo4/ Cons40erEs nee/ 1or an online store5 Ass40ing no *hanges in the
reD4ire0ents: this se*tion /is*4sses alternative *onsi/erations an/ 2ossi6ilities to
a**o02lishing this goal5 A//itional *onsi/erations 1or *lo4/ /e2loy0ents not *overe/ in the
e'a02le are also e'2lore/5
..1 Security/ (ulti0tenancy/ Service 'ro1y
Re/ 9at Clo4/&or0s 2rovi/es the *a2a6ility 1or 04lti2le Clo4/ Cons40ers to se*4rely share a
*lo4/ 2rovi/er a**o4nt or to si04ltaneo4sly se*4rely a**ess 04lti2le *lo4/s as a single Clo4/
Cons40er5 A**ess to a Re/ 9at Certi1ie/ Clo4/ Provi/er P46li* Clo4/s 0ay reD4ire the 4se o1
2ro'ies5
..2 Alternative )eployments
+he e'a02le in this 2a2er 2rovi/e/ one /e2loya6le /e1inition5 +here are a 04ltit4/e o1
variations in*l4/ing the 1ollo7ing: 64t not li0ite/ to
• 4sing a *lo4/ 6ase/ on lo*al virt4aliFation =o22ose/ to AC2?
• /e1ining an/ 64il/ing a 6ase (S i0age
• 4sing e'isting i0ages to 64il/ ne7 i0ages
• /o not strati1y the so1t7are layers: i5e5 /e1ine a single asse06ly 2er instan*e that has all
the nee/e/ so1t7are 1or that instan*e
• have i0ages 6e 24lle/ 7hen nee/e/ =o22ose/ to 2re-2la*e0ent?
• have asse06lies e'e*4te in se2arate *lo4/s
refarch'feed(ac)*redhat#com /7 www#redhat#com
3 Conclusion
-n 0oving to the *lo4/ or 64il/ing ne7 o22ort4nities 4sing a *lo4/ in1rastr4*t4re: the
o7nershi2: *ontrol: *ost visi6ility: an/ /e*isions are 0oving to the /o0ain e'2ert =Eo7nerE o1
the a22li*ation?5 Re/ 9at Clo4/&or0s *lo4/ in1rastr4*t4re allo7s 1or 6etter o2erational
e11i*ien*y an/ lo7er +C( 1or the *reation an/ li1e*y*le o1 *lo4/ a22li*ation 6y ena6ling the
/o0ain e'2ert5
+his 2a2er 2rovi/e/ a high-level overvie7 o1 Re/ 9atEs ne7 Clo4/&or0s te*hnologies5 As 2art
o1 this overvie7 several *on*e2ts 7ere *overe/: s4*h as a revie7 o1 the N-S+ /e1inition
stan/ar/s: Re/ 9atEs *lo4/ strategy an/ a /es*ri2tion: e'a02le an/ 7or,1lo7 o1 a Clo4/&or0s
/e2loy0ent5
+he ,ey ta,ea7ay 1ro0 this 2a2er sho4l/ 6e that Re/ 9at is 2rovi/ing the te*hnologies to
0a,e yo4r *lo4/ in1rastr4*t4re 1le'i6le M 1le'i6ility 0eans *hoi*es5 +his 4niD4e o11ering ena6les
yo4 to ta,e a/vantage o1 /is2arate *lo4/ 2rovi/ers 7itho4t the overhea/ o1 having to
*4sto0iFe the i0ages 1or ea*h environ0ent5 )y 2rovi/ing a single 4ser inter1a*e that intera*ts
7ith te*hnologies s4*h as Con/4*tor: -0age &a*tory: Con/or: et*5: Re/ 9at is lo7ering the
6arriers to 4sing the ne7 *lo4/ 2ara/ig05 -1 yo4r enter2rise /evelo2er ,no7s that they *an
7rite to one AP- M DeltaClo4/ AP- an/ then 6e a6le to ta,e a/vantage o1 04lti2le *lo4/
2rovi/ers: they are 0ore li,ely to e06ra*e the te*hnology5
www#redhat#com 0$ refarch'feed(ac)*redhat#com
+he 1ollo7ing /iagra0 /e2i*ts an over vie7 o1 the Re/ 9at Clo4/&or0s ar*hite*t4re5
refarch'feed(ac)*redhat#com 0" www#redhat#com
Illustration 1-1: Red Hat CloudForms Arc7itectural /vervie0
Appendi+ A2 Contri(utors
Ce 7o4l/ li,e to than, the 1ollo7ing in/ivi/4als 1or their ti0e an/ 2atien*e as 7e *olla6orate/
on this 2ro*ess5 +his /o*40ent 7o4l/ not have 6een 2ossi6le 7itho4t their 0any *ontri64tions5
Contri(utor 8itle Contri(ution
Vi;ay +rehan Dire*tor o1 Sol4tions Ar*hite*t4res Content: Diagra0s: Revie7s
Carl +rielo11
+e*hni*al Dire*tor: So1t7are
Angineering
Vision: Content: Revie7s
Lohn D4nning Banager: So1t7are Angineering Content: Revie7s
94gh )ro*, Banager: So1t7are Angineering Content: Revie7s
Chris <alan*ette Senior So1t7are Angineer Diagra0s: Content
S*ott Collier: R9CA Prin*i2al So1t7are Angineer Content: Diagra0s: Revie7s
)ryan Nearney Banager: So1t7are Angineering Content: Revie7s
Charles Cro4*h Banager: So1t7are Angineering Content: Revie7s
Le11ery Dar*y Prin*i2al So1t7are Angineer Content: Diagra0s
D0itri Pal Banager: So1t7are Angineering Content
Steven Da,e Prin*i2al So1t7are Angineer Content: Diagra0s
3or/on 9a11 Senior Pro/4*t Bar,eting Banager Content: Diagra0s
)rett +h4r6er: R9CA Senior So1t7are Angineer Revie7s
Lohn 9err: R9CA Senior So1t7are Angineer Revie7s
Table A: Contributors
www#redhat#com 0& refarch'feed(ac)*redhat#com
Appendi+ :2 References
1 htt2>>*sr*5nist5gov>gro42s>SNS>*lo4/-*o024ting>
2 htt2>>*olla6orate5nist5gov>t7i,i-*lo4/-
*o024ting>246>Clo4/Co024ting>Do*40ents>Dra1t-SP-800-1$#Q*lo4/-
/e1inition52/1
% htt2>>*olla6orate5nist5gov>t7i,i-*lo4/-
*o024ting>246>Clo4/Co024ting>Re1eren*eAr*hite*t4re+a'ono0y>N-S+QC
CQRe1eren*eQAr*hite*t4reQv1QBar*hQ%0Q201152/1
$ htt2>>7775aeol4s2ro;e*t5org
# htt2s>>gith465*o0>0atahari>0atahari>7i,i
6 htt2>>7775re/hat5*o0>0rg>0essaging>
7 htt2>>hail57i,i5,ernel5org>
8 htt2>>7775re/hat5*o0>i/entityQ0anage0ent>
" htt2>>1reei2a5org>
10 htt2>>1e/ora2ro;e*t5org>7i,i>&eat4res>SSSD
11 htt2>>7775*l4sterla6s5org>7i,i>Pa*e0a,er
12 htt2>>7775gn45org>s>hello>0an4al>a4to0a,e>VPA+9-)4il/s5ht0l
1% htt2s>>1e/orahoste/5org>*an/le2in>7i,i>(vervie7