BBVA Bank on OpenStack
Because of unproven scalability and security concerns, enterprises take a ‘wait and see’ approach to open source deployments, much less OpenStack. Yet these deployments are not only feasible but can also yield substantial multi-tenant efficiency, agility, speed, dynamism and security advantages over legacy frameworks. While a hybrid cloud approach is quite popular for agile services delivery, for some enterprise segments a private cloud is essential in order to comply with regulations.
In this session, we will explore how Banco Bilbao Vizcaya Argentaria SA (BBVA), a Spain-based global financial group, banks on OpenStack. BBVA has designed an automated, multi-tenant service cloud that provides:
● Efficient, granular security: via a global policy framework from Nuage Networks
● Agility: via utilization of KVM as a virtualization hypervisor
● Speed: provisioning and delivery of services in near real-time via the RedHat OpenStack distribution
We also show how Neutron is integrated with external SDN overlay solutions to improve networking and security functionality.
This will be an eye-opening session – you can bank on it! (For sure!)
6. Vision: Let’s go Cloud!
● Cloud sets up self provisioning infrastructure
● Hybrid Cloud allows unlimited elasticity (no constraints)
● Active-Active Hybrid Cloud boosts resilience
● Hybrid data model (sensitive aware) ensures privacy
● Programmable automation simplifies management
7. It's a Cloud World
[Diagram labels: BBVA Datacenter; BBVA DMZ; ES, MX, US; physical constraints; long-term transfer; Amazon; Google; Management & Support; no constraints; business model constraints]
8. New lifecycle
[Diagram labels: SecDevOps Cooperation; Deployment Package; Tested Deployment Package; Evolved Deployment Package; stages: Development, Testing, Production, Maintenance; Cloud Catalog (Virtual Machines, SW packages, SW Developments)]
9. Strategic Roadmap
Private Cloud
Cultural engagement.
Assure sustainability of IT
DevOps Adoption
Improve speed of development and deployment without flaws.
Hybrid Cloud
Internet-scale infrastructure.
High Value Applications
Web-scale applications on top of Liberty and Hydra.
Cloud Consolidation
Migrate internal processes and applications to internal cloud.
11. 3 - OpenStack: the beginnings.
● Our goals.
● Previous experience in public clouds.
● Why OpenStack?
● Why RedHat?
● How are we planning to use it?
12. 3 - OpenStack: there we go!
● Environments: PRE and PRO.
● Enclosures with Virtual Connects
o HP Blades, Proliant BL 660c
o Intel Xeon E5-2660
● Cloud Controller & Compute & Admin:
o 256Gb RAM
● Swift:
o 64Gb RAM & 12 HDD 1,2Tb
● Cinder & Glance:
o NetApp NFS
13. 3 - OpenStack: there we go!
● Infrastructure deployment: Foreman + Puppet (Staypuft)
14. 3 - OpenStack: there we go!
● Infrastructure deployment: Foreman + Puppet
15. 3 - OpenStack: technical details
[Network diagram labels: Internet; Router Inet A; Router Inet B; OpenStack]
16. [Network diagram labels: Firewall; Foreman; Management OpenStack; BBVA Internal Management; NFS Storage; Migration; RHEV - NFS; Nagios; Internet; Security stuff; DMZ/Endpoint; Log collector; Firewall; Router; Service subnet; RHEV; DNS/NTP]
17. [Network diagram labels: Firewall; Foreman; Swift; Management OpenStack; BBVA Internal Management; NFS Storage; RHEV - NFS; Nagios; Internet; Security stuff; Swift; DMZ/Endpoint; Log collector; Firewall; Router; Service subnet; RHEV; DNS/NTP; Migration]
OpenStack components:
● Cinder
● Glance
● Swift
18. [Network diagram labels: Firewall; Foreman; Swift; Management OpenStack; BBVA Internal Management; WAF; NFS Storage; RHEV - NFS; Nagios; Internet; Security stuff; Cloud Controller; Endpoint API; Swift; DMZ/Endpoint; Horizon; Load Balancer; Log collector; Firewall; Router; Load Balancer; Service subnet; DNS/NTP; MySQL; RabbitMQ; RHEV; Migration]
OpenStack components:
● Cinder
● Glance
● Swift
● Horizon
● Keystone
● Cloud Controller
19. [Network diagram labels: Firewall; Foreman; Swift; Management OpenStack; BBVA Internal Management; WAF; NFS Storage; RHEV - NFS; Nagios; Internet; Security stuff; Cloud Controller; Endpoint API; Swift; DMZ/Endpoint; Horizon; Load Balancer; Log collector; Firewall; Router; Load Balancer; Service subnet; RHEV; DNS/NTP; Nova Compute + KVM + VRS; MySQL; RabbitMQ; Migration]
Hey!… what about Neutron?
OpenStack components:
● Cinder
● Glance
● Swift
● Horizon
● Keystone
● Cloud Controller
● Nova
● Neutron???
21. 4 - SDN: Motivation
● Security Team needs to enforce security at all deployment stages automatically.
● Programmability of network functions to automate deployments.
● Growth capabilities between data centers.
● It’s a good point to introduce SDN into the organization.
38. 5 - Lessons learned.
● Internal processes need to be adapted to consume the OpenStack services.
● Difficult to deploy with department silos; a multidisciplinary “one-team” approach is better.
39. 5 - Next steps
● Icehouse > Juno or Kilo
● Dockers
● Ceph
● ...
40. 5 - One Team, SecDevOps Crew ;)
● Alberto Morgante Medina (Security)
● Leticia García Martín (Security)
● Mariano Ruiz Muñoz (Storage)
● German Moya Olmedo (IT)
● Vicente Miranda Cagigas (IT)
● Alberto Martín (IT)
● Helena Cornic Giron (Networking)
● Cesar Martinez Segura (Networking)
● Enrique Garcia Pablos (Innovation)
● Karim Boumedhel (RedHat)
● Oscar Martin Vega (Nuage Networks)
● Francisco Alcantara Hernandez (Nuage Networks)
● Phillipe Jeurissen (Nuage Networks)