BBVA Bank on OpenStack



Due to unproven scalability and security concerns, enterprises take a ‘wait and see’ approach to open source deployments, let alone OpenStack. Yet these deployments are not only feasible but can also yield substantial multi-tenant efficiency, agility, speed, dynamism and security advantages over legacy frameworks. While a hybrid cloud approach is quite popular for agile services delivery, for some enterprise segments a private cloud is essential in order to comply with regulations.



In this session, we will explore how Banco Bilbao Vizcaya Argentaria SA (BBVA), a Spain-based global financial group, banks on OpenStack. BBVA has designed an automated, multi-tenant service cloud that provides:

Efficient, granular security: Via a global policy framework from Nuage Networks

Agility: Via utilization of KVM as a virtualization hypervisor

Speed: Provisioning and delivery of services in near real-time via the Red Hat OpenStack distribution



Moreover, we show how Neutron integrates with external SDN overlay solutions to improve networking and security functionality.


This will be an eye-opening session – you can bank on it! (For sure!)

  1. BBVA Bank on OpenStack. OpenStack Summit Paris, November 2014. Jose Maria San José, Jose Luis Lucas, Daniel Chavero,
  2. 1 - Introduction
  3. Vision: Why hasn’t a bank 1B customers? Because we can’t
  4. 2 - Vision
  5. Vision: Let’s go Cloud! ● Cloud sets up self provisioning infrastructure ● Hybrid Cloud allows unlimited elasticity (no constraints) ● Active-Active Hybrid Cloud boosts resilience ● Hybrid data model (sensitive aware) ensures privacy ● Programmable automation simplifies management
  6. It's a Cloud World. [Diagram. Labels: BBVA Datacenter, BBVA DMZ, ES, MX, US, Amazon, Google, Management & Support, Long term transfer, physical constraints, business model constraints, no constraints]
  7. New lifecycle: SecDevOps Cooperation. [Diagram. Labels: Development, Testing, Production, Maintenance; Deployment Package, Tested Deployment Package, Evolved Deployment Package; Cloud Catalog (Virtual Machines, SW packages, SW Developments)]
  8. Strategic Roadmap ● Private Cloud: Cultural engagement. Assure sustainability of IT. ● DevOps Adoption: Improve speed of development and deployment without flaws. ● Hybrid Cloud: Internet-scale infrastructure. ● High Value Applications: Web-scale applications on top of Liberty and Hydra. ● Cloud Consolidation: Migrate internal process and applications to internal cloud.
  9. 3 - OpenStack
  10. 3 - OpenStack: the beginnings. ● Our goals. ● Previous experience in public clouds. ● Why OpenStack? ● Why Red Hat? ● How are we planning to use it?
  11. 3 - OpenStack: there we go! ● Environments: PRE and PRO. ● Enclosures with Virtual Connects ○ HP Blades, ProLiant BL 660c ○ Intel Xeon E5-2660 ● Cloud Controller & Compute & Admin: ○ 256Gb RAM ● Swift: ○ 64Gb RAM & 12 HDD 1,2Tb ● Cinder & Glance: ○ NetApp NFS
  12. 3 - OpenStack: there we go! ● Infrastructure deployment: Foreman + Puppet (Staypuft)
  13. 3 - OpenStack: there we go! ● Infrastructure deployment: Foreman + Puppet
  14. 3 - OpenStack: technical details. [Diagram. Labels: Internet, Router Inet A, Router Inet B, OpenStack]
  15. [Network diagram. Labels: Internet, Router, Firewall (×2), DMZ/Endpoint, Service subnet, Management OpenStack, BBVA Internal Management, Foreman, Nagios, Log collector, Security stuff, DNS/NTP, NFS Storage, RHEV, RHEV - NFS, Migration]
  16. OpenStack components: ● Cinder ● Glance ● Swift. [Network diagram. Labels as on slide 15, plus Swift]
  17. OpenStack components: ● Cinder ● Glance ● Swift ● Horizon ● Keystone ● Cloud Controller. [Network diagram. Labels as on slide 16, plus WAF, Cloud Controller, Endpoint API, Horizon, Load Balancer (×2), MySQL, RabbitMQ]
  18. Hey!… what about Neutron? OpenStack components: ● Cinder ● Glance ● Swift ● Horizon ● Keystone ● Cloud Controller ● Nova ● Neutron??? [Network diagram. Labels as on slide 17, plus Nova Compute + KVM + VRS]
  19. 4 - SDN
  20. 4 - SDN: Motivation ● Security Team needs to enforce security at all deployment stages automatically. ● Programmability of network functions to automate deployments. ● Growth capabilities between data centers. ● It’s a good point to introduce SDN into the organization.
  21. 4 - SDN: Why Nuage? ● Domain Templates. ● User roles. ● Automation. ● Consumable via REST API. ● OpenStack integration via Neutron plugin. ● dVRS (Distributed Routing and Switching). ● Hypervisor agnostic solution.
  22. 4 - SDN: OpenStack integration ● Virtualized Services Platform (VSP): ○ Virtualized Services Directory (VSD). ○ Virtualized Services Controller (VSC). ○ Virtual Routing and Switching (VRS). ○ Virtualized Services Gateway (VSG). ● Neutron plugin. ● Basic vs. Advanced mode integration. ● Floating-IPs. ● Horizon customization.
  23. 4 - SDN: OpenStack integration. [Architecture diagram. Labels: Internet, Firewall, Router, DMZ, Load Balancer + WAF, Transit network, Data, Management OpenStack, Cloud Controller, Neutron Plugin, VSD, VSC, VSG, Nova Compute (×2) ..., VRS (×2)]
  24. 4 - SDN: OpenStack integration (VSD). [Architecture diagram. Labels as on slide 23, plus REST API / WEB GUI]
  25. 4 - SDN: OpenStack integration (VSD). [Architecture diagram. Labels as on slide 23, plus XMPP]
  26. 4 - SDN: OpenStack integration (VSC). [Architecture diagram. Labels as on slide 23, plus OpenFlow]
  27. 4 - SDN: OpenStack integration (VSC). [Architecture diagram. Labels as on slide 23, plus MP-BGP]
  28. 4 - SDN: OpenStack integration (VRS). [Architecture diagram. Labels as on slide 23, plus VXLAN]
  29. 4 - SDN: OpenStack integration (VSG). [Architecture diagram. Labels as on slide 23 except Transit network, plus Break out, VXLAN]
  30. 4 - SDN: OpenStack integration (Plugin). [Architecture diagram. Labels as on slide 23, plus REST API]
  31. 4 - SDN: OpenStack integration (Custom)
  32. 4 - SDN: OpenStack integration (Custom)
  33. 4 - SDN: OpenStack integration (Custom)
  34. 4 - SDN: OpenStack integration (Custom)
  35. 4 - SDN: Security based on Nuage ● ACL and policies applied on different network levels. ● Service chaining.
  36. 5 - Lessons Learned & Next Steps
  37. 5 - Lessons learned. ● Internal processes to be adapted to consume the OpenStack services. ● Difficult to deploy with department silos; a multidisciplinary “one-team” approach is better.
  38. 5 - Next steps ● Icehouse > Juno or Kilo ● Docker ● Ceph ● ...
  39. 5 - One Team, SecDevOps Crew ;) ● Alberto Morgante Medina (Security) ● Leticia García Martín (Security) ● Mariano Ruiz Muñoz (Storage) ● German Moya Olmedo (IT) ● Vicente Miranda Cagigas (IT) ● Alberto Martín (IT) ● Helena Cornic Giron (Networking) ● Cesar Martinez Segura (Networking) ● Enrique Garcia Pablos (Innovation) ● Karim Boumedhel (Red Hat) ● Oscar Martin Vega (Nuage Networks) ● Francisco Alcantara Hernandez (Nuage Networks) ● Phillipe Jeurissen (Nuage Networks)
  40. Thank you!
  41. Full presentation on YouTube: http://www.youtube.com/watch?v=PESWFDPbexs Summary keynote: http://www.youtube.com/watch?v=Pp2TiOKjWLY