deliver production-grade openstack lbaas with citrix netscaler · deliver production grade...

Solution Brief

citrix.com

Deliver Production Grade OpenStack LBaaS with Citrix NetScaler

Solution Brief

citrix.com


2

Enterprises are increasingly turning to private cloud architectures for increased agility and greater operational efficiency in deploying mission critical applications. OpenStack has gathered significant traction as an open source alternative to commercial, proprietary cloud management solutions. As OpenStack rapidly evolves to be more mature, vendor integrations need to go beyond proof of concept solutions and address real production deployment challenges involved in offering infrastructure-as-a-service, including scalability, elasticity, performance and flexibility/control over resource allocation. Citrix® NetScaler’s OpenStack Load-Balancer-as-a-Service (LBaaS) solution allows enterprises to rapidly deploy line of business applications in OpenStack while guaranteeing performance and availability service level assurances (SLAs) as well as redundancy and seamless elasticity.

Challenge

OpenStack has come a long way in simplifying the provisioning of compute, storage and networking resources as part of an application deployment workflow. Neutron, which is the networking project for OpenStack, automates the creation and management of L2/L3 networks as well as associated L4/L7 network services such as firewall, load balancing and VPN services. While Neutron has made rapid advancement in enabling a self-service consumption model for networking, there still remain several operational gaps that need to be addressed for successfully deploying mission critical workloads using OpenStack and Neutron. Some of these gaps include service aware resource allocation, elasticity on demand, monitoring and visibility, fault tolerance and high availability.

Solution

NetScaler’s OpenStack LBaaS solution has been designed to be a truly production grade solution for running business critical applications at scale, and has been built to address all the operational concerns around running infrastructure-as-a-service at scale, without relinquishing flexibility and control. NetScaler’s OpenStack LBaaS solution is based on a purpose-built orchestration product from Citrix called NetScaler Control Center, which simplifies a lot of the operational complexity involved in deploying LBaaS in OpenStack.

Benefits

• Investment protection through capacity pooling across all NetScaler infrastructure • End-to-end automation across all NetScaler appliances. • Guaranteed SLAs through service aware resource allocation. • Integration with OpenStack KeyStone for single-sign-on authentication • Flexible placement algorithms • Centralized visibility and reporting

Solution Brief

citrix.com


3

ChallengeOpenStack has come a long way in simplifying the provisioning of compute, storage and networking resources as part of an application deployment workflow. Neutron, which is the networking project for OpenStack, automates the creation and management of L2/L3 networks as well as associated L4/L7 network services such as firewall, load balancing and VPN services. While Neutron has made rapid advancement in enabling a self-service consumption model for networking, there still remain several operational gaps that need to be addressed for successfully deploying mission critical workloads using OpenStack and Neutron. Some of these gaps include service aware resource allocation, elasticity on demand, monitoring and visibility, fault tolerance and high availability. It is important that cloud providers have complete control over policies that control these operational characteristics, even in fully automated environments.

SolutionNetScaler’s OpenStack LBaaS solution has been designed to be a truly production grade solution for running business critical applications at scale, and has been built to address all the operational concerns around running infrastructure-as-a-service at scale, without relinquishing flexibility and control.

NetScaler’s OpenStack LBaaS solution is based on a purpose-built orchestration product from Citrix called NetScaler Control Center, which simplifies a lot of the operational complexity involved in deploying LBaaS in OpenStack.

NetScalerSDX/MPX/VPX

Appliances

NetScalerControlCenter

OpenStack Controller Node

ComputeNode

NetworkNode

DatabaseNode

Rabbit–MQNode

HorizonService

GlanceService

NovaService

CinderService

KeystoneService

Neutron Service

OVSPlugin

LinuxBridgePlugin

Vendor XL2/L3Plugin

Vendor YL2/L3Plugin

LBaaS PluginFWaaSPlugin

VPNaaSPluginNetScaler

DriverHAProxy

Driver

Figure 1: OpenStack NetScaler integration architectural overview

NetScaler Control Center provides the following key functions that enable a cloud consumption model for value added NetScaler ADC features, therefore making it easy for cloud providers to offer any NetScaler ADC or security function as a cloud service.

Capacity pooling across all NetScaler infrastructure Pooling infrastructure is the first step in offering infrastructure as a service and forms the underpinning of the economic advantages of the cloud model. NCC is designed to efficiently pool and manage capacity across all NetScaler appliances including physical (MPX), virtual (VPX)

Solution Brief

citrix.com


4

and multi-tenant (SDX) form factors. With no platform restrictions and compatibility with multiple NetScaler firmware versions, NCC based orchestration provides full investment protection to customers with existing NetScaler installed base.

End-to-end automation across all NetScaler appliances NCC is designed to enable a true “as-a-service” model where the complexity of provisioning and deploying ADC functions on a large pool of NetScaler appliances is completely hidden from both the cloud provider as well as the cloud tenant. NCC’s automation capabilities include:

• Auto-instantiation of new VPX appliances as Nova instances as well as SDX instances on-demand, without any manual intervention

• Automation of license allocation on newly launched VPX instances

• Policy based resource allocation to “right-size” the auto-installed instances (both VPX as well as SDX instances)

• Auto provisioning of admin partitions on MPX, SDX and VPX appliances for high density multi-tenancy

• Data plane service insertion – Native intelligence of Neutron and the ability to dynamically attach both VPX and SDX instances to Neutron networks

Authenticates user and authorizes request

Evaluates placement logic

On demand provisioning

Automated across all NetScaler appliance types

Creates new instances and allocates appropriate license as required

Bootstraps instance with management IP address and other meta data info

Attaches the instances to thecorresponding data networks

NetScalerControlCenter

OpenStack tenant creates new LB policy

Figure 2: End to end provisioning workflow

Solution Brief

citrix.com


5

Guaranteed SLAs through service aware resource allocation

Fully Dedicated Instance• Dedicated CPU, memory SSL and throughout

• Version independence

• Maintenance independence

Dedicated Partitions• High density multi-tenancy

• Hardwalled bandwidth, connections and memory

Shared Instances• A single instance can be shared by multiple tenants

Figure 3: Guaranteed SLAs through flexible isolation schemes

Cloud providers need to guarantee performance and availability SLAs to different cloud tenants. NCC provides granular control over ADC resource allocation policies, giving the provider flexibility in creating differentiated SLAs for cloud tenants based on their application’s needs. A simple and intuitive workflow to construct “service packages” for different tenant tiers simplifies the SLA creation process. Service packages can be defined with the following parameters and are customizable per tenant, as detailed below.

• Appliance type – The target appliance on which a logical NetScaler instance for the tenant is created

• Isolation type – Option to choose between fully dedicated instances, shared instances or an individual Admin Partition for each tenant

• Resource hard walling – The amount of CPU, memory and SSL capacity to be allocated for each tenant’s dedicated instance

• Software version – The specific version of NetScaler firmware for each tenant’s dedicated instance—allows for version and upgrade independence between tenants

• HA pair vs single instance – Choice of specifying a single NetScaler instance or an HA pair for each tenant (guarantees availability SLAs for tenants)

Integration with OpenStack KeyStone for single-sign-on authenticationNCC integrates natively with Keystone, OpenStack’s authentication service and can retrieve tenant related information directly from KeyStone. This simplifies tenant specific policy management, and eliminates the overhead and potential security concerns involved with explicitly registering OpenStack tenant credentials with NCC.

Solution Brief

citrix.com


6

Flexible placement algorithmsCloud providers need to have control over the placement of new ADC policies in a fully automated environment consisting of a potentially large fleet of NetScalers. NCC offers a rich set of options for placement algorithms including the following:

• Simple round robin

• Utilization metrics (VIP count, average CPU, SSL, memory, throughput utilization)

• Affinity – Option to create separate device groups to indicate physical affinity to an availability zone, pod, data center or region

• External input – Plug-in mechanism for placement algorithm to be evaluated by provider’s placement algorithm and fed into NCC as input

Centralized visibility and reportingNCC provides a single pane of glass for deep visibility into the operational characteristics of all the NetScaler ADC services running in the OpenStack environment. Information regarding status, statistics and health across a rich set of metrics aids in centralized visibility, monitoring, as well as ease of trouble-shooting. Moreover, granular per-tenant usage metrics are made available for reporting and charge back.

High availabilityThe NetScaler OpenStack LBaaS solution guarantees redundancy through fully automated deployment of NetScaler HA pairs on both virtual as well as physical appliances. Moreover, NCC itself is available as a fully redundant active-standby HA pair with full state synchronization and fault tolerance.

NetScaler VPX on Nova The NetScaler virtual appliance has been optimized for running as a Nova instance, and providers can now launch new NetScaler VPX instances on-demand by simply invoking Nova APIs through automation suites such as OpenStack Heat templates. The virtual appliance supports a couple of different options for auto-bootstrapping the instance, including support for the OpenStack config drive option for obtaining bootstrap information. Support for this exists today on KVM, and will soon be extended over to the Citrix® XenServer® platform as well.

BenefitsNetScaler’s advanced ADC services coupled with NCC’s automation capabilities provides the following benefits for OpenStack LBaaS deployments:

• Full investment protection for customers through the ability to leverage all their current NetScaler installed base (across all NetScaler appliance types) for powering LBaaS in an OpenStack cloud.

0215/PDF

Corporate HeadquartersFort Lauderdale, FL, USA

Silicon Valley HeadquartersSanta Clara, CA, USA

EMEA HeadquartersSchaffhausen, Switzerland

India Development CenterBangalore, India

Online Division HeadquartersSanta Barbara, CA, USA

Pacific HeadquartersHong Kong, China

Latin America HeadquartersCoral Gables, FL, USA

UK Development CenterChalfont, United Kingdom

About CitrixCitrix (NASDAQ:CTXS) is a leader in virtualization, networking and cloud services to enable new ways for people to work better. Citrix solutions help IT and service providers to build, manage and secure, virtual and mobile workspaces that seamlessly deliver apps, desktops, data and services to anyone, on any device, over any network or cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive with mobile workstyles. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million people globally. Learn more at www.citrix.com.

Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, NetScaler and XenServer are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.

Solution Brief

citrix.com 7


• Automated provisioning of both physical and virtual NetScaler instances reduces time to deploy new NetScaler ADC services from hours/days to minutes. NetScaler virtual appliances can be spun up as Nova instances, further simplifying operational complexity of deploying new NetScaler instances.

• Flexible isolation model allows providers to provide differentiated SLAs to cloud tenants ranging from fully dedicated NetScaler instances per tenant to dedicated Admin partitions for high-density multi-tenancy.

• Resource hard-walling support for each isolation model guarantees performance and reliability and eliminates noisy neighbor problems due to shared resources. Providers can reserve CPU, memory, throughput and SSL capacity for dedicated NetScaler instances and throughput, memory and connections for dedicated Admin Partitions.

• Advanced placement algorithms supported by NCC provides the admin full control over the placement of a new ADC function or a new NetScaler instance in a distributed deployment that potentially spans across multiple availability-zones, data centers and regions.

• NCC provides a single pane of glass for centralized visibility and monitoring, as well as for ease of trouble-shooting. Moreover, it provides granular per-tenant metrics for reporting and charge back.

Next stepsThe NetScaler OpenStack solution is available for beta now! Please contact your local account team for more information regarding beta enrolment.

For more information regarding the NetScaler product line, please visit www.citrix.com/netscaler.

http://www.citrix.com

http://www.citrix.com/netscaler

deliver production-grade openstack lbaas with citrix netscaler · deliver production grade...

Documents