Jump to: navigation, search

Karbor

Revision as of 04:03, 27 April 2016 by Ficoos (talk | contribs) (What is Smaug?)

What is Smaug?

Not to be confused with Application Security or DLP, Smaug deals with protecting the Data and Meta-Data that comprises an OpenStack-deployed Application (what is referred to as "Project" in Keystone terminology) against loss/damage (e.g. backup, replication). It does that by providing a standard framework of APIs and services that enables vendors to introduce various data protection services into a coherent and unified flow for the user.

We named it Smaug after the famous dragon from J.R.R. Tolkien’s “The Hobbit”, which was known to guard the treasures of the kingdom of Erebor, as well as have specific knowledge on every item in its hoard. Unlike its namesake, our Smaug is designed to give a simple and user-friendly experience, and not burn a user to a crisp when they want to recover a protected item.

The main concept behind Smaug is to provide protection of an entire OpenStack project, across OpenStack sites (or with a single local site).

Lets take a typical 3-tier cloud app:

Sample 3 tier application

In order to fully protect such a deployment (e.g. Disaster Recovery), we would have to protect many resources, which have some dependency between them.

The following diagram shows how such a dependency tree might look:

Depency graph of the sample application

In Smaug, we defined a plugin engine that loads a protection plugin for each resource type. Then, we let the user create a Protection Plan, which consists of all the resources she wants to protect.

These resources can be divided into groups, each of which is handled by a different plugin in Smaug:

  • Volume - Typically, a block of data that is mapped/attached to the VM and used for reading/writing
  • VM - A deployed workload unit, usually comprised of some metadata (configuration, preferences) and connected resources (dependencies)
  • Virtual Network - The virtual network overlay where the VM runs
  • Project - A group of VMs and their shared resources (e.g. networks, volumes, images, etc.)
  • Image - A software distribution package that is used to launch a VM

Smaug Highlights

Open Architecture

Vendors create plugins that implement Protection mechanisms for different OpenStack resources.

User perspective: Protect Application Deployment

Users configure and manage custom protection plans on the deployed resources (topology, VMs, volumes, images, …). The user selects a "Protection Provider" from a selection of available Protection Providers, which is maintained and managed by the admin.

Admin perspective: Configure Protection Providers

The Admin defines which Protection Providers are available to the users. A "Protection Provider" is basically a bundle of per-resource protection plugins and a bank, which are curated from the total available protection plugins and bank plugins. In addition, the Admin configures a Bank Account for each user (tenant).

File:Smaug-provider-example
Smaug provider example
Retrieved from "https://wiki.openstack.org/w/index.php?title=Karbor&oldid=124419"