Download - Anynines - Building a European PaaS

Building a European Cloud

Mittwoch, 16. Oktober 13

European Cloud?


Hungarian Cloud?


Budapest Cloud?


Your personal Cloud??


The cloud is about sharing.


Spare capacity,Virtualization,

Share spare capacityPay as you go


So why not share globally?


Privacy


Any transfer of personal data of EU citizen to a non-EU

state with a lower data privacy level compared to EU

standards is prohibited.- Directive 95/46/EC


EU Safe Harbor


• is a EU directive

• regulates the processing of personal data within the European Union


U.S. - EU Safe Harbor


• Self(!)-certification process

• = swear to the United States Department of Commerce to comply to EU privacy laws


A memo from the EU commision:


"The Safe Harbour agreement may not be so safe after all."

European CommissionMEMO/13/710 19/07/2013

http://rh.gd/1hBKIrf




Patriot Act


"Uniting (and) Strengthening America (by) Providing Appropriate Tools

Required (to) Intercept (and) Obstruct Terrorism Act of 2001."


• United States federal law

• Significantly enhanced and broadened federal government powers in the realm of

• Electronic Surveillance

• Anti-money laundering

• Border Security, ...


10 Titles of the Patriot Act


• Title I: Enhancing domestic security against terrorism

• Title II: Surveillance procedures

• Title III: Anti-money-laundering to prevent terrorism

• Title IV: Border security

• Title V: Removing obstacles to investigating terrorism

• Title VI: Victims and families of victims of terrorism

• Title VII: Increased information sharing for critical infrastructure protection

• Title VIII: Terrorism criminal law

• Title IX: Improved Intelligence

• Title X: Miscellaneous


Patriot Actbeats

Safe Harbor


Where security meets freedom


The story oflavabit.com


• Encrypted email service (*2004) by Ladar Levison

• Used by Edward Snowden

• Ordered to turn over its SSL private key


Levison's was put to the decision: shutdown or “become complicit in

crimes against the American people”.


Lavabit.com was shut down on August 8, 2013


"This experience has taught me one very important lesson: without

congressional action or a strong judicial precedent, I would strongly

recommend against anyone trusting their private data to a company with

physical ties to the United States".- Ladar Levison, Lavabit.com


• It's not about having data on European servers

• It's not about having a European company


It‘s aboutstaying completely off any US provider and don‘t tie

to the US in person or with your company.


Relying on open source software is a good choice, too.


How to build a European cloud?


Cloud Building


Cloud,a term

that has beenoverdone


IaaSPaaSSaaS


A 2013 proposal for an open source based

Cloud


Hardware


Hardware

Infrastructure as a Service (IaaS)

Servers, Network,Storage


Hardware



PaaS (PaaS)

VMs, Network,Storage


Hardware



PaaS (PaaS)


Applications

CF API (deploy, scale, services, ...)


Hardware


Hardware

OpenStack (IaaS)



Hardware

OpenStack (IaaS)


Cloud Foundry (PaaS)



Hardware

OpenStack (IaaS)


Cloud Foundry (PaaS)


Applications

CF API (deploy, scale, services, ...)


OpenStack


OpenStack architecture


Key-Stone


Nova


Glance


Cinder


Swift


Neutron


OpenStack provides usan IaaS ready to deploy

Cloud Foundry.


Cloud Foundry


• CF = large distributed system

• Inner shell vs. outer shell

• Bosh = Bosh outer shell > deploy CF


SimplifiedCloud Foundry

Architecture


Service(e.g. MySQL)

Services(e.g. MySQL)



RouterRouter

DEA

RouterHealth Manager

RouterCloud Controller

Cloud ControllerDatabase

Get desired states

Request droplet start/stop

DEADEADEADEA

Droplet / Service metadata

API request Droplet request

Droplet changenotifications

Droplet heartbeat & exit messages

Consume a service


Cloud Controller

• Offers the CF API endpoint

• System authority for issuing commands

• Start apps

• Create service

• Binding services

Service(e.g. MySQL)




RouterRouter

DEA




Get desired states


DEADEADEADEA





Consume a service


DEA

• droplet = dea.staging(app_code)

• Staging = executing buildpacks

• Warden

• Starts and runs dropletsService

(e.g. MySQL)Services



(e.g. MySQL)

RouterRouter

DEA




Get desired states


DEADEADEADEA





Consume a service


Health Manager

• compares desired system state with actual system state

• sends advice to CC

• CC actsService(e.g. MySQL)




RouterRouter

DEA




Get desired states


DEADEADEADEA





Consume a service


Router

• knows on which DEAs your app instances are

• routes incoming requests to the right DEAs

Service(e.g. MySQL)




RouterRouter

DEA




Get desired states


DEADEADEADEA





Consume a service


Services

• Create service = provision

• Bind = create credentials

• Apps bind to services

• Credentials as ENV variables

Service(e.g. MySQL)




RouterRouter

DEA




Get desired states


DEADEADEADEA





Consume a service


What you get?


Questions?


Thank you!


Coderequire "fileutils"

require "find"

require "fog"

class Blobstore

def initialize(connection_config, directory_key, cdn=nil, root_dir=nil)

@root_dir = root_dir

@connection_config = connection_config

@directory_key = directory_key

@cdn = cdn

end

def local?

@connection_config[:provider].downcase == "local"

end

def exists?(key)

!file(key).nil?

end

def download_from_blobstore(source_key, destination_path)

FileUtils.mkdir_p(File.dirname(destination_path))

File.open(destination_path, "w") do |file|

(@cdn || files).get(partitioned_key(source_key)) do |*chunk|

file.write(chunk[0])

end

end

end

def cp_r_to_blobstore(source_dir)

Find.find(source_dir).each do |path|

next unless File.file?(path)

sha1 = Digest::SHA1.file(path).hexdigest

next if exists?(sha1)

cp_to_blobstore(path, sha1)

end

end

def cp_to_blobstore(source_path, destination_key)

File.open(source_path) do |file|


Download - Anynines - Building a European PaaS

Top Related