Last week we marked the general availability of our Red Hat OpenStack Platform 8 release, the latest version of Red Hat’s highly scalable IaaS platform based on the OpenStack community “Liberty” release. A co-engineered solution that integrates the proven foundation of Red Hat Enterprise Linux with Red Hat’s OpenStack technology to form a production-ready cloud platform, Red Hat OpenStack Platform is becoming a gold standard for large production OpenStack deployments. Hundreds of global production deployments and even more proof-of-concepts are underway, in the information, telecommunications, financial sectors, and large enterprises in general. Red Hat OpenStack Platform also benefits from a strong ecosystem of industry leaders for transformative network functions virtualization (NFV), software-defined networking (SDN), and more.
From Community Innovation to Enterprise Production
The path for delivering a production-ready cloud platform, starts in the open source communities that can typically innovate far more effectively than traditional R&D labs. At Red Hat we bring customers, partners, and developers into communities of purpose to solve shared problems together. Red Hat also contributes a lot of code to the OpenStack project to help drive more community development that generally results in a higher feature velocity that enterprise customers need, with a faster time to market compared to proprietary software. When useful OpenStack technology emerges, we test it, harden it, and make it more secure and reliable.
However, enterprise grade is not limited to the OpenStack platform testing and hardening it also requires that any hardware or software vendors plugins you will connect to it will work properly, while maintaining the production stability. The Red Hat OpenStack Platform certification program makes sure that our broad ecosystem of hardware and software providers are successfully tested and verified for production use.
When we look at what it takes to support OpenStack production-ready customers globally, it is not just limited to the vendor’s ability to stand behind the software code and fix critical bugs or security vulnerabilities throughout the software stack. It also requires driving innovation that corresponds to our customer’s use cases, influence strategy and direction of the project, as well as enable partner collaboration. To listen to the needs of our customers and drive open innovation in the upstream community is one of the key benefits to Red Hat’s subscription value proposition.
The good news is that this model is not new to us at Red Hat - in fact we’ve been following this model now for nearly 20 year in open source. All of these efforts allow us to swiftly move from project to product, and create a production-ready distribution with a certified ecosystem, enterprise lifecycle, and world-class support that customers expect from trusted technology partner.
Our Production Standards
OpenStack-based private clouds are rapidly becoming the standard in scalable enterprise computing, but what about production standards? Can users really go ahead and deploy in production any new OpenStack service or feature that has just landed in the latest upstream as is? Does the fact that a new API passed the upstream continuous integration gates really mean it passed the “enterprise-readiness” production bar?
Not quite. For instance, some of the OpenStack new features take more than one cycle to complete, so a basic API may get introduced in a new release and then modified in following releases until it finishes the readiness line. For example, a new API was introduced in Cinder, but without cinder-client support. So the feature cannot be really used by customer, let alone properly tested as an end to end feature. Some features are introduced in one OpenStack service but may depend on the implementation in another OpenStack service to actually mark the feature as completed (such is the case of supporting booting an instance from encrypted volume in Nova that may be blocked until a proper support is in place in Cinder, or the ability to attach a single volume to multiple hosts that was introduced in Cinder in the Kilo release and is still gated by Nova to support Cinder's multi-attach capability.
Among the big changes in the OpenStack community which occurred during the Liberty release cycle, is a shift from the integrated release model to a "Big Tent” model including more and more cloud projects under the OpenStack "umbrella”, providing many different types of capabilities. That said, what about the production-level standard of new big tent projects?
Thanks to the OpenStack foundation, we now have a new tagging system to help indicate stability and sustainability of the projects, however when we have to graduate new projects in our distribution, we have set a very strict process to verify that projects and features are production-grade before we add them to our products. Our process first requires introducing projects in RDO, our community-based distribution of OpenStack. Then, once integration is complete, we ensure that it meets our maturity criteria for features such as security compliance, proper services high-availability and upgradability, before announcing them in technology preview in Red Hat OpenStack Platform. This way our users can help us verify our assessment, before making them fully supported.
Meet Red Hat OpenStack Platform 8
The latest release, Red Hat OpenStack Platform 8, is a great example of all of these efforts that Red Hat puts into each release. Version 8 is packed with hundreds of new features and fixes, with many new additional functionality updates.
Here is a taste of some of this release top new features:
- Red Hat OpenStack Platform director now includes
- Automated upgrades and updates
- Red Hat OpenStack Platform 8 is the first version offering that supports an in-place upgrade from version 7 to version 8 as well as, in the future, from version 8 to version 9. The new Red Hat OpenStack Platform director release also supports automated live updates to allow users to update to new minor releases (e.g. 8.0 → 8.1). It automatically performs the necessary system-wide updates to both the core OpenStack services, as well as the director tool itself, helping to deliver a healthy and stable OpenStack cloud while minimizing downtime.
- SSL support for Red Hat OpenStack Platform components deployed on nodes in your cloud.
- IPv6 support for the “undercloud” (the deployment component of director), as well as the production “overcloud” (single stack)
- Broader network vendors support such as Cisco N1KV, Nexus 9K and UCSM ML2 plugins as well as Big Switch Networks ML2 plugin, LLDP, and bonding support.
- Automated upgrades and updates
- Includes hybrid cloud management with Red Hat CloudForms
- Use Red Hat CloudForms for lifecycle and operational management over OpenStack infrastructure and workloads. CloudForms can manage Linux and Windows workloads running on top of OpenStack, including lifecycle management, usage monitoring and reporting, multi-node orchestration, governance and policy-based access control, and more.
- Red Hat OpenStack Platform director now includes
- Network quality of service (QoS): providing an extensible API and reference implementation for dynamically defining per-port and per-network QoS policies. This enables OpenStack tenant administrators to offer different service levels based on application needs and available bandwidth.
- Role-based access control (RBAC) for networks: provides more fine-grained permissions for sharing networks between tenants. Historically OpenStack networks were either shared between all tenants (public) or not shared at all (private). Liberty now allows a specific set of tenants to attach instances to a given network, or even to disable tenants from creating networks – instead limiting access to pre-created networks corresponding to their assigned project(s).
- Rapid Spanning Tree Protocol Support (IEEE 802.1D-2004), allowing faster convergence after topology changes.
- Version 8 adds several new and critical technology preview (unsupported) features focused on improving Network Virtualization Functions. With this release there is more assured predictable latency with real-time KVM, improved network I/O performance with DPDK- accelerated Open vSwitch v2.4.0 release; and an OpenDaylight networking plugin for customers intending to build a software-defined network.
- Improved Network Performance:The libvirt driver has been enhanced to enable virtio-net multiqueue for instances. With this feature on, workload is scaled across vCPUs, thereby allowing for increased network performance.
- Disk QoS (Quality of Service) when using Ceph RBD (RADOS block device) storage. Among other things, sequential read or write limitation, and total allowed IOPS or bandwidth for a guest can be configured.
- Mark host down API enhancements: supports external high-availability solutions, including pacemaker, in the event of compute node failure. This new API call provides improved instance resiliency by giving external tools a faster path to notifying OpenStack Compute of a failure and initiating evacuation.
- Generic volume migration: adds the ability to migrate workloads from iSCSI to non-iSCSI storage back ends, with more drivers to perform migration including Ceph RBD.
- Generic Image Cache - With this new feature backends are able to use cached glance images when creating volumes from images.
- Volume Replication API: Cinder now allows block level replication between storage back ends. This simplifies OpenStack disaster recovery by allowing administrators to enable volume replication and failover.
- Nondisruptive backups: Allows the backup of volumes while they are still attached to instances by performing the backup from a temporary attached snapshot. This eases backups for administrators and offers a less disruptive solution to end users.
- Red Hat Ceph Storage integration: To support OpenStack scale-out infrastructure requirements, Red Hat’s massively scalable, software-defined storage solution, is now included with Red Hat OpenStack Platform, offering a permanent 64 terabytes of highly flexible object and block storage. The most popular storage solution for OpenStack clouds provides users with a single, efficient platform to support the demanding storage needs of an OpenStack-based cloud.
Security features and Identity management
- New Image signing and encryption: helps to protect against image tampering by providing greater integrity with signing and signature validation of bootable images.
- Better Identity management: Introducing a simplified web Single Sign On with new ability to specify individual identity providers (IDPs), while helping to prevent “man in the middle” attacks, as well as improved SAML assertion to allow identification of unique individual users.
And of course, this is only a sampling of the key features added to version 8. Be sure to read the press release, visit the web page for product details, or checkout the release notes for more details.