
Cloud Computing and OpenStack

An introduction to cloud computing and a deployment on OpenStack

Authors:

L Minh Ch
Nguyn Sn Tng

April 2012

Contents
Abbreviations
Summary
Part 1: Cloud computing and its solutions
I. Cloud computing
1. Introduction to cloud computing
2. Benefits of cloud computing
3. Virtualization technologies
Full virtualization
Paravirtualization
OS-level virtualization (isolation)
4. Approaching cloud computing with open-source tools
II. Open-source solutions for the cloud computing model
1. Eucalyptus
2. OpenNebula
3. Nimbus
4. Xen Cloud Platform (XCP)
5. AbiCloud
6. OpenStack
Part 2: OpenStack
I. Amazon Web Services: the inspiration behind OpenStack
II. Introduction to the OpenStack projects
1. History of OpenStack
2. Overview of OpenStack
2.1. OpenStack releases
2.2. OpenStack Diablo
2.1.1. OpenStack Compute
2.1.2. OpenStack Object Storage
2.1.3. OpenStack Image Service
2.1.4. OpenStack Dashboard (Horizon) and OpenStack Identity
II. OpenStack deployment model
1. Tools used
2. Installation steps in the experiment
** Install MySQL server
** Install basic packages such as unzip, rabbitmq-server, euca2ools...
** Install and configure Glance
** Install and configure Nova
** Create a Nova project
** Create credentials and access keys
** Upload an image and launch an instance
** Install and configure Swift
Part 3: Security in cloud computing
I. CSA
1. Governance in CC (5 domains)
2. Operations in CC (8 domains)
II. NIST
III. Research from universities
1. Information security policies
2. Cloud RAS issues
2.1. Data leakage
2.2. Cloud security issues
IV. Security solutions for the cloud computing model
1. Access control and management
2. Responses when security incidents occur
3. DDoS
III. OpenStack security
Part 4: Conclusion
**** What was achieved
**** What was not yet achieved
**** Plan for the next experiments
Appendices:
Appendix 1: Tutorial for installing OpenStack on Ubuntu 11.10 64-bit
Appendix 2: Other reference links
References:


Abbreviations
CC: Cloud computing
IaaS: Infrastructure as a Service
PaaS: Platform as a Service
SaaS: Software as a Service
CSA: Cloud Security Alliance
SLA: Service Level Agreement
NIST: National Institute of Standards and Technology
AWS: Amazon Web Services
HH: operating system (Vietnamese abbreviation used in the original; rendered as OS below)
VMM: Virtual Machine Monitor

Summary
Cloud computing (CC) is the most hotly debated topic today, and 'cloud'-related technologies receive a great deal of attention from users and businesses. Quite a few commercial products, as well as free open-source ones, have been introduced that give users the ability to build the components of CC, from IaaS infrastructure up to PaaS and SaaS. All of them, however, are still under development, and it would be a serious mistake simply to take the vendors' advertising at face value. To get an accurate and detailed picture of the current state of these products, the best approach is to test them.

One advantage of CC is that it uses the resources of the physical system more efficiently and with better energy efficiency. IaaS is the most important component that lets CC achieve this: as the layer that manages the infrastructure, hardware and network and redistributes those resources, IaaS is what gives users the ability to build the foundation of their own private cloud.

In this report the group presents some initial experiments with one of the IaaS platforms currently attracting the most interest: OpenStack. An open-source project with more than 160 participating companies worldwide, OpenStack gives enterprises the ability to build private clouds for internal work or, on a larger scale, clouds that offer CC services.

The first part of the report introduces some CC concepts and virtualization technologies. The next part presents OpenStack, the experimental work and the results obtained. The final part analyses security in a complete CC system and compares and evaluates it against OpenStack. References and detailed installation and configuration guides are attached in the appendices.

Part 1: Cloud computing and its solutions
I. Cloud computing
1. Introduction to cloud computing

Cloud computing, also called virtual-server computing, refers to computation that is service-oriented and built on top of the Internet. More specifically, in the cloud computing model all resources, information and software are shared and delivered to computers, devices and users as services over a public network infrastructure (usually the Internet) [1, 2]. Users consuming services such as databases, websites or storage in the cloud computing model need not care about the geographical location or other details of the cloud network: cloud computing is transparent to the user.

End users reach and use cloud applications through clients such as web browsers, mobile applications or ordinary personal computers. Performance on the end-user side improves because the specialized software and databases are stored and installed on virtual servers in the cloud computing environment, hosted in a data center.

A data center is the facility that houses servers and storage devices, together with power supply and other equipment such as racks and cabling, with high availability and stability. Further criteria include a high degree of modularity, easy expansion, power and cooling, and support for server consolidation and high-density storage [3].

The figure below illustrates a definition of CC consisting of 5 essential characteristics, 4 deployment models and 3 service models.

Figure 1: Overview of cloud computing (NIST)

How the 5 characteristics of CC show up depends on the actual deployment model. For example, in the private cloud model, where the resources are used by a single enterprise, on-demand self-service and resource pooling look different from the other models [4].

- Rapid elasticity: the CC provider can allocate and reclaim a user's resources very quickly. On the user's side, resources can be requested without any apparent limit and are paid for according to use.
- Broad network access: computing resources are easily reached through standard network mechanisms.
- Measured service: the provider measures each customer's consumption. The model aimed at is pay as you go.
- On-demand self-service: customers adjust the resources they use without notifying the provider or involving it in any way.
- Resource pooling: the physical and virtual resources of the CC are shared and assigned to users automatically.

NIST distinguishes four deployment models: public, private, community and hybrid. A public cloud is one on which the cloud providers offer services such as resources, platforms or applications hosted in the cloud and exposed to the outside world; services on a public cloud may be free or paid [5]. In a private cloud the services are provided internally, are usually business services, are aimed at a particular group of people and sit behind a firewall. A hybrid cloud is an environment that combines public and private services [5]. A community cloud is one whose infrastructure is shared by several organizations with common concerns (for example a shared security policy or compliance regime).

The service models come in 3 main types: IaaS provides infrastructure as a service, PaaS provides a platform as a service, and SaaS provides software as a service.

The above is NIST's definition of CC. The next section presents the benefits of CC, to highlight its features compared with traditional models.

2. Benefits of cloud computing

Some basic and characteristic benefits of a cloud computing system are the following [6]:

- Increased flexibility: adding or removing one or several devices (storage devices, servers, computers, ...) takes only a few seconds.
- IT resources on demand: depending on the customer's needs, the administrator sets up the system configuration supplied to the customer.
- Increased availability: applications and services are dynamically load-balanced to guarantee availability. When one piece of hardware fails the system is not affected; only its capacity is reduced.
- Hardware saving: in the traditional model a separate system is often needed for each task or service, which is wasteful;

in the cloud computing model the IT resources are managed so as to avoid this waste.
- Services provided with close to 100% availability (services can be taken down and brought back in real time).
- Pay-as-you-go IT: the cloud computing model integrates with a billing system that charges according to the user's consumption of resources such as CPU speed, RAM and disk capacity, ...

In summary, the cloud computing model overcomes two important weaknesses of the traditional model: scalability and flexibility. Organizations and companies can deploy applications and services quickly, at lower cost and with less risk [6]. The next section introduces virtualization, the core technology and what can be seen as the first step in the transition from the traditional model to CC.
3. Virtualization technologies
3.1. Kernel mode and user mode

Before going into the details of the virtualization technologies, a brief overview of some concepts related to how an operating system handles hardware resources. An installed OS normally has two main operating modes:

- Kernel mode: the protected space where the OS kernel runs and interacts directly with the hardware. A typical example of code running in kernel mode is a device driver. When an error occurs here the whole system may stop and report a fault, as when Windows shows a blue screen after a hardware communication error.
- User mode: the space where applications run, for example Office, MySQL or Exchange Server. When an application fails, only that application stops; the server is unaffected.

When an application needs to access a hardware resource such as a disk or a network interface, it must go through the appropriate driver running in kernel mode. Each switch between user mode and kernel mode is work in its own right and consumes system resources (CPU, RAM, ...).

3.2. Hypervisor

All forms of virtualization are managed by a VMM (Virtual Machine Monitor). By their nature VMMs fall into two types:

- A VMM acting as intermediary software that runs on top of a host OS and shares resources with it. Examples: VMware Workstation, Virtual PC, KVM.
- A VMM acting as a hypervisor that runs directly on the hardware. Examples: VMware ESXi, Hyper-V, Xen.

(KVM is a Linux kernel module that turns the host kernel itself into the hypervisor, so it is often counted in the second group as well.)

A hypervisor is software that sits directly on the hardware or underneath the OS in order to provide isolated environments called partitions. Each partition corresponds to a VM and can run an independent OS.

There are currently two approaches to hypervisor design (for the second, bare-metal type of VMM): the monolithic and the microkernelized hypervisor.
Figure 2: Monolithic and microkernelized hypervisors [7]

Monolithic hypervisor: the hypervisor has its own drivers for accessing the hardware beneath it, and the VMs reach system resources through the hypervisor's drivers. This gives high performance, but a faulty driver inside the hypervisor can halt the whole system, and it raises a security problem: drivers inside the hypervisor run with the hypervisor's full privileges, so a malicious or spoofed driver compromises every VM on the host, a real risk in a virtualized environment.

Microkernelized hypervisor: this type keeps no drivers inside the hypervisor; the drivers run inside a partition, namely a parent (root) partition that manages and creates the child partitions (child VMs). The parent VM also carries other functions such as memory management and driver hosting, which improves safety and reliability. It does, however, have an availability problem: when the parent partition fails, the system halts as well.

3.3. Full virtualization

Figure 3: Full virtualization

Full virtualization is the virtualization technology that provides a type of VM which is an emulation of a real server with all of its features, including input/output operations, interrupts, memory access, ... Figure 3 shows the full-virtualization model, in which the virtualization layer performs the virtualization and provides the virtual servers (guest OSes) [8]. This model cannot exploit performance well, however, because every access to system resources goes through the virtual machine monitor (the hypervisor), with the mode switching that entails. Some operations that would otherwise execute directly on the CPU are therefore restricted. Xen, VMware Workstation, VirtualBox, QEMU/KVM and Microsoft Virtual Server support this type of virtualization [9].
3.4. Paravirtualization

Figure 4: Paravirtualization

Paravirtualization is a virtualization technique in which the guest OS is modified so that it knows it is running on a hypervisor and cooperates with it: instead of having its privileged instructions trapped and emulated by the hypervisor, the guest calls the hypervisor explicitly (hypercalls), which avoids most of the overhead of full virtualization and leaves the guest far less restricted. The drawbacks of this type of virtualization are that the guest OS must be aware it is running on a virtual hardware platform, which requires a modified kernel, and that it is harder to configure and install. Paravirtualization is supported by Xen, VMware, Hyper-V and UML [9, 10].

3.5. OS-level virtualization (isolation)

Figure 5: OS-level virtualization (isolation)

OS-level virtualization, also called container virtualization or isolation, is a virtualization method in which the kernel of the operating system supports multiple isolated instances on one existing OS for different users; in other words, several isolated and secure virtual machines can be created and run while sharing a single OS kernel. The advantage of this type of virtualization is fast maintenance, which is why it is widely used in hosting. OpenVZ, Virtuozzo, Linux-VServer, Solaris Zones and FreeBSD Jails support this type of virtualization [9, 11]. One thing to note is that, because every instance shares the host kernel, a container can only run the host's own OS (a Linux container cannot run Windows and vice versa), and that kernel is a single shared attack surface: a kernel vulnerability reachable from one container affects every container on the host.
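To tell which of the three models a given Linux machine is actually running under, the kernel exposes enough evidence to classify it: the CPU flags in /proc/cpuinfo (vmx/svm for hardware virtualization support, the hypervisor bit for a hardware-virtualized guest), /sys/hypervisor/type (filled in by Xen guests) and /proc/1/cgroup (which shows PID 1 inside a container). The script below is an added example written for this report; it is not code from OpenStack or from any platform discussed here. The sample inputs at the bottom are constructed, and the Xen rule is a heuristic (a paravirtualized guest is identified by /sys/hypervisor/type reporting xen without the CPUID hypervisor flag).

```python
"""Classify a Linux machine's virtualization layer from kernel-exposed evidence.

Added example for this report; not code from OpenStack or any of the platforms
discussed. It maps what the kernel exposes onto the three models described
above (full virtualization, paravirtualization, OS-level virtualization).
The Xen rule is a heuristic; the sample inputs at the bottom are constructed.
"""
import os
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class VirtReport:
    hw_virt: Optional[str]     # 'vmx' (Intel VT-x), 'svm' (AMD-V) or None
    guest_flag: bool           # CPUID 'hypervisor' bit: set for hardware-virtualized guests
    hypervisor: Optional[str]  # content of /sys/hypervisor/type when the kernel fills it (Xen)
    container: Optional[str]   # container runtime seen in /proc/1/cgroup, if any
    category: str              # 'bare-metal', 'full-virtualization', 'paravirtualization', 'os-level'


def cpu_flags(cpuinfo: str) -> set:
    """Return the flag set from the first 'flags' line of a /proc/cpuinfo text."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def container_runtime(cgroup: str) -> Optional[str]:
    """Name the container runtime if /proc/1/cgroup places PID 1 in a container cgroup."""
    for name in ("docker", "lxc", "kubepods", "libpod"):
        if name in cgroup:
            return name
    return None


def classify(cpuinfo: str, hypervisor_type: str = "", cgroup: str = "") -> VirtReport:
    flags = cpu_flags(cpuinfo)
    hw_virt = "vmx" if "vmx" in flags else "svm" if "svm" in flags else None
    guest_flag = "hypervisor" in flags
    hv = hypervisor_type.strip() or None
    container = container_runtime(cgroup)

    if container:
        category = "os-level"              # instances share the host kernel
    elif hv == "xen" and not guest_flag:
        category = "paravirtualization"    # heuristic: Xen PV guest, no CPUID hypervisor bit
    elif guest_flag or hv:
        category = "full-virtualization"   # HVM guest under KVM, Xen, VMware, Hyper-V, ...
    else:
        category = "bare-metal"
    return VirtReport(hw_virt, guest_flag, hv, container, category)


def _read(path: str) -> str:
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return ""


def classify_live() -> VirtReport:
    """Classify the machine this script runs on (Linux only)."""
    return classify(_read("/proc/cpuinfo"), _read("/sys/hypervisor/type"), _read("/proc/1/cgroup"))


# Constructed sample inputs (not captured from a real machine).
SAMPLE_HOST = "processor\t: 0\nflags\t\t: fpu vme de pse msr pae vmx smx lm\n"
SAMPLE_KVM_GUEST = "processor\t: 0\nflags\t\t: fpu vme de pse msr pae hypervisor lm\n"
SAMPLE_XEN_PV_GUEST = "processor\t: 0\nflags\t\t: fpu vme de pse msr pae lm\n"
SAMPLE_DOCKER_CGROUP = "0::/docker/0123456789abcdef\n"

if __name__ == "__main__":
    for label, report in (
        ("compute node", classify(SAMPLE_HOST)),
        ("kvm guest", classify(SAMPLE_KVM_GUEST)),
        ("xen pv guest", classify(SAMPLE_XEN_PV_GUEST, hypervisor_type="xen\n")),
        ("container", classify(SAMPLE_HOST, cgroup=SAMPLE_DOCKER_CGROUP)),
    ):
        print(f"{label:13s} -> {report.category} (hw_virt={report.hw_virt})")
    if os.path.exists("/proc/cpuinfo"):
        print("this machine  ->", classify_live().category)
```

On a compute node you expect hw_virt set and category bare-metal; a guest that also reports hw_virt means nested virtualization has been exposed to it, which is worth knowing before handing that guest to a tenant. The check is an inventory aid, not a defence: the CPUID flags and sysfs files are under the hypervisor's control, so a hostile hypervisor can present whatever it likes.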

If virtualization is only the foundational technology of CC, deploying CC in practice rests on two basic options: using commercial CC products such as those from VMware or Microsoft (Hyper-V), or open-source products such as Eucalyptus and OpenStack. The next section presents the benefits of the open-source approach to deploying CC.

4. Approaching cloud computing with open-source tools

Given the benefits of the cloud computing model listed in the previous section, especially its flexibility and cost advantages, this will be the approach of the future. There are, however, many cloud computing technologies with different costs and solutions depending on the intended use, each with its own strengths such as easy deployment, high scalability or low price, ... Using open-source tools to deploy cloud computing brings the following advantages [6]:

- Avoiding vendor lock-in: commercial solutions are usually a bundle built on the vendor's own standards, for instance proprietary APIs and private image and storage formats, which leave the cloud incompatible with others or unable to take advantage of existing infrastructure. Clouds locked to one vendor will in future face the problem of migrating some services to other cloud systems; that difficulty is a real limitation.
- Getting best-of-breed technology: open-source cloud computing projects are continuously supported and helped by a worldwide community with thousands of people developing new functions and fixing bugs. No single company can match this advantage of open source.
- Unlimited scalability: cost is the dominant issue when scaling out a cloud built on proprietary software. With open-source clouds, for example clouds built on Ubuntu, the operating system supports cloud computing at no licence cost, so scaling out is easy.
- Aligning the cloud to specific business needs: when a commercial solution lacks some function it is hard to find a substitute unless a newer version supports it. With open-source technology the code can be changed to add the functions the system's business purpose requires.

II. Open-source solutions for the cloud computing model

Table 1: Comparison of open-source cloud platforms

| | Eucalyptus | OpenNebula | Nimbus | Xen Cloud Platform | AbiCloud | OpenStack |
| Produced by | University of California, Santa Barbara; Eucalyptus Systems company | European Union | University of Chicago | Citrix XenServer | Abiquo | Rackspace, NASA, Dell, Citrix, Cisco, Canonical etc. |
| Main purpose | EC2-compatible cloud | Build private clouds | Scientific cloud computing solution | Evolution of Citrix XenServer | Cloud management | Offers cloud computing services |
| Users | Enterprise | Researchers on cloud computing and virtualization | Scientific communities | Enterprise | Enterprise | Enterprises, service providers and researchers |
| Supported OS | Linux (Ubuntu, Fedora, CentOS, openSUSE and Debian) | Most Linux distributions | Linux (Fedora, RedHat, CentOS and SUSE Linux Enterprise Server); Windows 7 | Linux; Windows; requires an x86 server | Linux (Ubuntu and CentOS); Windows XP; Mac OS | Linux (Ubuntu, RedHat Enterprise Linux, Fedora and SUSE Linux Enterprise Server) |
| Architecture | Hierarchical; five components; minimum two servers | Centralized; three components; minimum two servers | Centralized; three components; minimum two servers | Centralized; three components; minimum two servers | Centralized; three components; minimum two servers | Integration of OpenStack Object Storage and OpenStack Compute |
| Language | Java, C and Python | Java, Ruby and C++ | Python, Java | OCaml | Java, Ruby, C++ and Python | Python |
| Storage | Walrus | SCP; SQLite3 | GridFTP, Cumulus (new version of GridFTP); SCP | VastSky | HDFS | OpenStack Object Store |
| Network | DHCP server on the cluster controller | Manual configuration | DHCP server installed on nodes | Open vSwitch | WS-Management | OpenStack Compute |
| Access interface | EC2 WS API; tools such as HybridFox, ElasticFox | EC2 WS API; OCCI API | EC2 WS API; Nimbus WSRF | XE command line (XenCenter and Versiera, a commercial solution for Windows) | Web interface with Adobe Flex | Web interface |
| User access | Zip file that contains certificates; HTTPS connection | SSH connection (password stored in MD5 format) | X.509 certificate | Authentication | Authentication | Certification |
| Administrator access | SSH connection; root required | Root (only if necessary) | SSL connection; integrates Globus (certification) | SSH connection | Authentication | Certification |
| Load balancing | The cloud controller | Nginx | The context broker | XAPI | AbiServer | The cloud controller |
| Fault tolerance | Cluster controller separation | Database backend (registers virtual machine information) | Periodic verification of cloud nodes | Virtual machine state synchronization | Replication | Shared FS |
| VM location | Node controller | Cluster node | Physical nodes | XCP host (Open Virtualization Format; shared storage) | Cloud nodes | OpenStack Compute |
| Compatibility with EC2 | Yes | Yes | Yes | No | No | Yes |
| Used by | NASA | Reservoir project, NUBA | STAR | | Active in Spain | |
| Live migration | | | | | | |
1. Eucalyptus

Eucalyptus is Linux-based open-source software for deploying cloud computing as either a private or a hybrid (private and public) cloud. Eucalyptus provides IaaS (Infrastructure as a Service), making it convenient to allocate resources (hardware, storage capacity and network infrastructure) on demand. Eucalyptus's strength is deployment in enterprise data centers without excessive hardware requirements. Furthermore, Eucalyptus can connect to Amazon's well-known cloud service AWS (Amazon Web Services) through a common programming interface. Its architecture is simple, flexible and modular, and it offers features such as snapshots, self-service, ... [12].

2. OpenNebula

OpenNebula is an open-source toolkit for private, public and hybrid clouds. OpenNebula works with Xen, KVM, VMware and, more recently, VirtualBox [13, 14].

3. Nimbus

Nimbus is a cloud computing project from the University of Chicago that provides IaaS (Infrastructure as a Service). Nimbus supports deployment on two virtualization technologies, Xen and KVM [13].

4. Xen Cloud Platform (XCP)

XCP is an open-source platform for deploying server virtualization and cloud computing on top of the Xen hypervisor. XCP supports many guest OSes, including Windows and Linux; the networking and storage system as well as the management tools are contained in the XCP appliance. XCP originates from Citrix XenServer and is licensed under the GNU General Public License (GPLv2) [13, 15].

5. AbiCloud

AbiCloud is a private cloud computing solution developed by Abiquo that lets users build an IaaS environment. AbiCloud supports the VirtualBox, VMware, Xen and KVM virtualization technologies [13, 16].

6. OpenStack

OpenStack is an open community project for developing cloud computing that suits cloud providers as well as cloud customers, initiated by Rackspace Hosting and NASA. OpenStack comprises 3 main projects: OpenStack Compute (managing and allocating resources for virtual instances), OpenStack Object Storage (storage and backup) and OpenStack Image Service (discovering, registering and delivering virtual disk images) [13].

OpenStack is currently rated the strongest open-source software for building CC, with backing from the world's large computing companies such as HP, Canonical, IBM, Cisco, Microsoft, ... It is also the toolkit deployed in this work and will be presented in detail in the following sections.
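The comparison table's note that one platform stores user passwords as plain MD5 hashes deserves a closer look: an unsalted, fast hash lets anyone who obtains the user database recover passwords with precomputed tables and immediately see which users share a password. The block below is an added example written for this report, not code from OpenNebula or any other platform in the table; it shows the weak scheme next to a salted, iterated PBKDF2-HMAC-SHA256 record using only Python's standard library. The user names and password in the demo are constructed.

```python
"""Password storage: unsalted MD5 versus salted, iterated PBKDF2.

Added example for this report; it is not code from OpenNebula or any other
platform in the comparison table. Only the Python standard library is used.
"""
import hashlib
import hmac
import os
from typing import List, Optional

PBKDF2_ITERATIONS = 600_000   # slows offline guessing; tune to roughly 100 ms on the auth server


def md5_record(password: str) -> str:
    """The weak scheme: one fast, unsalted hash per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:          # malformed record, bad hex or non-numeric iteration count
        return False
    return hmac.compare_digest(digest.hex(), hash_hex)


def shared_password_visible(records: List[str]) -> bool:
    """True when two stored records are identical: the MD5 scheme leaks shared passwords this way."""
    return len(set(records)) < len(records)


if __name__ == "__main__":
    # Constructed demo: two users who chose the same password.
    alice_md5, bob_md5 = md5_record("Summer2012!"), md5_record("Summer2012!")
    print("md5 records identical:   ", shared_password_visible([alice_md5, bob_md5]))
    alice_pb, bob_pb = pbkdf2_record("Summer2012!"), pbkdf2_record("Summer2012!")
    print("pbkdf2 records identical:", shared_password_visible([alice_pb, bob_pb]))
    print("verify correct password: ", pbkdf2_verify("Summer2012!", alice_pb))
    print("verify wrong password:   ", pbkdf2_verify("summer2012!", alice_pb))
```

Storing the iteration count inside the record lets the cost be raised later without invalidating existing users: old records keep verifying with their own count and are re-hashed at the next successful login. The constant-time comparison matters because the verifier runs on a network-facing service, where a byte-by-byte early exit would leak how much of the hash matched.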

Part 2: OpenStack
I. Amazon Web Services: the inspiration behind OpenStack
This section briefly introduces one of today's leading CC providers, Amazon. Amazon has built a fairly complete and stable basic set of AWS services covering IaaS and the services that go with it. Moreover, AWS is the inspiration that later gave rise to IaaS platforms such as Eucalyptus and OpenStack. Why is that? We will go over a few milestones, going back about 10 years to a time when hardly any company had a concept of CC, although some people already had the idea of providing software, infrastructure, ... as a service.

When CC is mentioned we usually think first of names like Google, Microsoft or Apple... In reality they were not the pioneers, either in the technology or in its application. For early vision and real CC deployment one must mention Salesforce first, and then Amazon.

Salesforce started with CC very early: from 1999 the company oriented itself towards SaaS, offering customer management, accounting, financial reporting services, ... According to its 2011 business report, SaaS services brought Salesforce more than 3 billion USD, an enviable figure. Even Google and Microsoft, relative 'newcomers' in the CC business, must envy that result.

Not stopping at SaaS as Salesforce did, Amazon, which began as a retailer of household goods, electronics, books, ..., has gradually risen to become arguably the biggest name today in infrastructure services for CC. More than 10 years ago, after surviving the dot-com bubble, Amazon gradually proved that its online retail strategy was right. It was the fastest-growing company over its first 5 years (1995-2000, revenue 2.8 billion USD), far ahead of Google (1998-2003, revenue 1.5 billion USD). At first Amazon's competitors seemed to be only retailers such as Walmart, BestBuy and eBay. Today Amazon operates in 16 different business areas, the strongest still being retail, followed by CC services.

Figure 6: AWS Management Console

Amazon has truly built a strong technology brand, competing directly with traditional hosting providers as well as CC providers such as Rackspace, GoDaddy, Google... In the view of experts Amazon created a classic CC architecture, AWS, with a full set of services for computing, storage, specialized databases, ... In practice most other platforms, Eucalyptus and OpenStack among them, are built on an architecture whose components resemble those of AWS. Nobody has clearly established whose platform is better, of course, but judged on stability, performance and, most importantly, price of service, AWS is still the best product today.

We will go over some of the main AWS services. The AWS service management window is shown in Figure 6.

AWS is continuously researching, improving and adding new features to its set of services. Because of the scope of this OpenStack experiment, the group gives only a basic introduction to, and comments on, Amazon's main services. This provides a more concrete view of OpenStack and a comparison with its biggest 'rival'.

The main AWS services are:

- Amazon Elastic Compute Cloud (EC2) provides instances (virtual machines) on demand, with very flexible computing and scaling capacity. Put simply, EC2 gives users the ability to create virtual machines on Amazon's infrastructure; they allocate resources (CPU, RAM) on demand and Amazon computes the cost. Instances come in different configuration levels: the smallest is the micro instance (1 CPU, 613 MB of RAM) and the largest has over 60 GB of RAM and 88 EC2 compute units (equivalent to 2 x Intel Xeon E5-2670).
- Amazon Elastic Block Store (EBS) provides independent storage used together with EC2. Put simply, it is like adding extra disks to a physical machine. When an instance fails, the data on EBS remains usable on its own: the volume can be detached and attached to another instance (a volume is attached to one instance at a time).
- Amazon Simple Storage Service (S3) provides unlimited storage. Like EBS, S3 addresses storage, but whereas EBS is used by instances, S3 is used like a network drive. Through an interface (web or a GUI) users store their data and back up data from different sources (EBS, EC2 itself, ...). S3 stores objects in a key-value system (the report cites Amazon's Dynamo) rather than a traditional relational database, because users of a storage service mainly read and write whole objects, which a relational model would not handle efficiently.

Because the AWS components operate independently of one another, combining them requires an intermediate layer that passes messages and synchronizes timing between services. Amazon developed a dedicated service for this, Simple Queue Service. It was the first component Amazon developed, and it took two years (2002-2004) to reach basic completion. Although it seems unimportant, it is a key element of the strength of the AWS service family.

AWS also offers many other services, such as SimpleDB (storage with traditional relational-style queries) and Elastic MapReduce (high-performance computing and large-scale data processing on top of S3 and EC2), ...

Depending on the usage volume and the system resources you need, Amazon computes the cost and bills you. Basically you pay only for what you use. When you no longer need a resource you can 'stop' it and pay nothing for that period. This is one of the interesting points of CC.

Amazon currently lets users try the basic services (at the smallest scale) free of charge for the first year. Registration is simple: you declare your bank account, and nothing is charged as long as you stay within Amazon's terms. For example, if you carelessly choose an EC2 instance type other than micro, you will be charged. The group will demonstrate some of the main AWS functions in the presentation; see also the appendix.

Users interact with AWS through the AWS Management Console by logging in with a username and password, after which the AWS functions are available through a web interface. For each specific service such as EC2 or S3, AWS provides

Thng 4/2012

Page 17

Cloud computing v OpenStack


ngi dng cc chng ch, public/private key chng thc vi h thng, sau ngi dng
c th tng tc thng qua mi trng dng lnh (trong Linux s dng gi ec2tools).
AWS h tr mt s ngn ng lp trnh c bn nh Java, PHP, Ruby, .NET, Python... thng
qua cc API. Cc lp trnh vin c th s dng nhng API ny tng tc, lp lch, t ng
khi to m rng...vi cc dch v ca AWS. Theo nh gi t cng ng th AWS API hot
ng rt tt trn cc nn tng khc nhau. Ngn ng c AWS khuyn co s dng l
Python, Java.

II. Introduction to the OpenStack Projects

1. History of OpenStack

From the introduction to AWS above we now have a basic grasp of the functions that a current commercial product offers its customers, which gives us a rough basis for comparing what this open-source toolset can do. To clarify further why AWS was chosen as the 'reference', here are some of the key milestones that led to the birth of OpenStack.
Back in 2005, when Amazon launched EC2 as an experiment, it was a major success that took the community by surprise. Thanks to its stability, other companies could simply rent EC2 for a few hours at a very large capacity to run their high-performance computing jobs. The example Amazon often cites is its collaboration with NASDAQ: the stock exchange needed to process an enormous amount of computation at the end of each week, and instead of investing in a complex server system it simply rented EC2 for a few hours, saving a great deal of money while getting better results.
One of the organizations that needed this kind of high-performance computing was NASA. It planned to restructure its data center and needed an IaaS platform to make better use of the physical infrastructure it already had. Amazon EC2 was an admirable model. Around 2008 NASA began participating in Eucalyptus, a project aiming to provide an AWS-like IaaS (EC2 and S3). However, contrary to NASA's wishes, Eucalyptus was not a fully open project: the company funding it would not let NASA see some of Eucalyptus's closed components. The rift began there. NASA then started its own project with the same goal of building an EC2-like infrastructure, under the codename Nebula. Under pressure from several directions, in 2010 NASA finally decided to publish the Nebula source code and develop it as open source under the codename Nova. Rackspace then contributed its storage platform to the project under the codename Swift. The OpenStack project was founded with a commitment to open development. It quickly gained the support of many other technology vendors and of the community. Today more than 160 companies take part in the project, including most of the big names: NASA, Rackspace, Cisco, Citrix, Microsoft, HP, Dell, Canonical and others.
As noted, AWS is the inspiration behind today's OpenStack: AWS is Amazon's closed platform, while OpenStack is an open platform for all companies and the community to use. OpenStack's goal is to give users the ability to build infrastructure for both private and public clouds. Many companies already use OpenStack to build services for their own needs and for rental, NASA and Rackspace among them.
2. Overview of OpenStack

OpenStack has a six-month development cycle that follows the development of CC; each release adds new components corresponding to new functions. OpenStack is entirely open source, and its components are written in Python, a language that has been highly regarded in recent years.
2.1. OpenStack releases

Austin 10/2010: the first OpenStack release, consisting of two projects, Object Storage (also called Swift) and Compute (also called Nova). The Compute project in this release was only at a testing level, with many limitations for deployment.
Bexar 2/2011: integrated a new project, Image Service, along with many changes and improvements to Nova and Swift. This release allowed storing files larger than 5 GB and integrated a new service, swauth, for authentication and authorization. It also improved many API features and extended hypervisor support for virtualization.
Cactus 4/2011: this release also contains the same three projects as Bexar, but with API improvements and support for two more virtualization technologies, LXC containers and VMware. Glance introduced a new command-line tool for accessing the service, added image formats, and added image integrity verification.
Diablo 11/2011: this is the release used in our experiment; it also has the same three main projects as Cactus.
Essex 4/2012: the new release that has just come out and will be tested in the coming period, with support for and upgrades to two new projects, Identity and Dashboard.
2.2. OpenStack Diablo
Conceptual and logical architecture

The conceptual architecture diagram of OpenStack is shown below:

Figure 7: OpenStack logical architecture (conceptual)

In the experiment the group used the OpenStack release of 22/11/2011, codenamed Diablo. This release consists of three main components:
Compute (codename Nova) provides computing capacity in the form of instances, equivalent to Amazon EC2.
Image Service (codename Glance) stores the image files of instances before they are 'unpacked' for use by Nova. AWS has a similar component for managing images, but since it is a closed platform, detailed information about it has not been published.
Object Storage (codename Swift) provides storage, equivalent to S3.

The latest OpenStack release, codenamed Essex, came out on 05/04/2012 and adds two new components:
Dashboard (codename Horizon) provides a web interface for managing OpenStack.
Identity (codename Keystone) provides authentication and authorization for the OpenStack services.

At the logical architecture level, OpenStack is illustrated as follows:

Figure 8: Logical Architecture

The logical architecture of OpenStack can be summarized in three main points:

End users interact through a web interface (Horizon).
All services are authenticated through Keystone.
The individual services interact with each other through their respective APIs.

As with AWS, the OpenStack components operate independently, so an intermediate layer is needed to relay messages and synchronize timing and resource information across the whole system. OpenStack currently uses the RabbitMQ message queue to pass messages back and forth.
In the Diablo release under test, the Dashboard and Identity components did not yet work well with the three components Nova, Swift and Glance, so we have not yet been able to install them in a working configuration.
The main OpenStack components are described in more detail below.
2.1.1. OpenStack Compute

This is the most fundamental part of OpenStack. It controls the IaaS and allocates system resources to instances with independent compute and storage capacity. It is the equivalent of Amazon EC2.
Essentially Nova gives users the ability to run instances (virtual machines) and an interface for managing those instances on the hardware infrastructure. Nova itself does not include any virtualization software; instead it reuses hypervisors (installed at the user's choice) to perform compute virtualization. Users can use different hypervisors in different zones. The hypervisors Nova currently supports are:

Hyper-V 2008
KVM - Kernel-based Virtual Machine
LXC - Linux Containers (through libvirt)
QEMU - Quick EMUlator
UML - User Mode Linux
VMWare ESX/ESXi 4.1 update 1
Xen - XenServer 5.5, Xen Cloud Platform (XCP)

Main features of OpenStack Compute [17]

Management of virtualized resources including CPU, memory, disks and network interfaces. All resources are pooled into a single computing pool. This increases automation and resource utilization, with significant economic benefits.
Management of local networks (LAN): Flat, Flat DHCP, VLAN DHCP, IPv6.
OpenStack assigns IP addresses and VLANs (Virtual LANs) programmatically. This function supports the provision of networking services and improves security, since the VLANs are isolated from each other. The flexibility of the network model also suits every application for each user/group.
An API with many authentication features: designed to manage user access to resources automatically and securely and to prevent unauthorized access between users.
Distributed and asynchronous architecture
Massively scalable and highly available system
(for increased assurance of system uptime)
Virtual Machine (VM) image management
Live VM (instance) management: create, boot, freeze or delete instances, plus lifecycle management.
Floating IP addresses
Security Groups
Role Based Access Control (RBAC)
Projects & Quotas
VNC Proxy through web browser
Advanced Scheduler (Diablo v3 07/28 Started)

Nova has 7 main components:


Figure 9: Components of Nova

Cloud Controller - manages and interacts with all components of Nova.
API Server - acts as the web-service endpoint of the Cloud Controller.
Compute Controller - provisions and manages resources for the instances.
Object Store - provides storage capacity; this component works alongside the Compute Controller.
Auth Manager - authentication and authorization service.
Volume Controller - block-level storage, similar to Amazon EBS.
Network Controller - creates and manages the connections in the virtual network so that servers can communicate with each other and with the public network.
Scheduler - picks the most suitable compute controller to host an instance.

The Nova components operate independently and are connected by messages (message-based architecture). The Compute Controller, Volume Controller, Network Controller and Object Store can be installed on different physical servers. As the figure above shows, the Cloud Controller talks to the Object Store over HTTP but to the Scheduler over AMQP (Advanced Message Queue Protocol). To avoid blocking while waiting for components to respond, Nova uses asynchronous calls, with a call-back invoked when the response is received.
Because it is assembled from many different components, some functions are being rebuilt and some are duplicated. A typical case within Nova is that the Object Store component is used to store images (the disk files of virtual operating systems before they are run), while Glance also stores those same images. This does not affect the system much; users can choose between these options. The recommendation is still to prefer Glance.
Users and Projects
Nova is designed for use by many different kinds of users. It applies basic authorization rules through Role-Based Access Control (RBAC) with 5 roles:
Cloud Administrator (admin): Global role. A user with this role has full rights over the whole system.
IT Security (itsec): Global role. More restricted than admin. It allows the user to remove and isolate instances in any project if there is a problem.
Project Manager (projectmanager): Project role. The owner of a project; a user with this role can add users to the project, work with images, and launch and terminate instances within the project it manages.
Network Administrator (netadmin): Project role. Allocates and assigns public IPs to instances. Changes the firewall rules.
Developer (developer): Project role. This is the default role assigned to users.

Nova-network
This component works with nova-compute and is responsible for connecting instances to each other and to the public network. As in AWS or Eucalyptus, an instance in OpenStack can have 2 IPs: a private IP used for connections between instances, and a public IP used to connect the instance to the Internet (public network).
nova-network has three different management modes:
Flat Network: creates a bridge interface on top of the Ethernet adapter for communication between nodes. When Flat Network is chosen, Nova does not manage the instances' networking at all; IPs are simply assigned to instances through the file system. Metadata must be configured manually on the gateways if the local network requires it. The following figure shows this configuration across several nodes using one Ethernet adapter:

Figure 10: Flat Network example

Flat DHCP Networking: in this configuration the host running nova-network acts as the gateway for the virtual nodes.

Figure 11: Flat DHCP networking

VLAN Networking: the default configuration of Nova. It lets the admin assign private network ranges to each project, and instances can be reached over VPN from the Internet. In this configuration each project gets its own VLAN, a Linux network bridge and a subnet. Subnets are specified by the admin and assigned dynamically to a project on request. A DHCP server runs for each VLAN and assigns an IP to every instance from the subnet allocated to the project. All instances belonging to the same project are placed in their own VLAN.
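To make the VLAN mode concrete, here is an added example (not nova's own code) that models what the paragraph describes: one fixed range is carved into equal subnets the way the later test bed does with 10.0.0.0/22 and 32 networks of 32 addresses, each project gets its own VLAN id, bridge and subnet on first use, and a DHCP-style allocator hands out addresses only from the project's own subnet. The starting VLAN id of 100 and the brNNN bridge names are assumptions mirroring nova defaults of that era.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List

VLAN_START = 100  # assumption: nova's default vlan_start


@dataclass
class ProjectNetwork:
    """The VLAN, bridge and subnet that nova-network creates for one project."""
    project: str
    vlan: int
    bridge: str
    subnet: ipaddress.IPv4Network
    leases: Dict[str, ipaddress.IPv4Address] = field(default_factory=dict)

    def allocate(self, instance_id: str) -> ipaddress.IPv4Address:
        """DHCP-style lease: next free host address, skipping the gateway."""
        if instance_id in self.leases:
            return self.leases[instance_id]
        used = set(self.leases.values())
        hosts = list(self.subnet.hosts())
        # the first usable address is the per-VLAN gateway held by nova-network
        for addr in hosts[1:]:
            if addr not in used:
                self.leases[instance_id] = addr
                return addr
        raise RuntimeError(f"subnet {self.subnet} exhausted for {self.project}")


class VlanManager:
    """Toy model of nova-network's VLAN mode (added example, not nova code)."""

    def __init__(self, fixed_range: str, num_networks: int, network_size: int):
        if network_size & (network_size - 1):
            raise ValueError("network_size must be a power of two")
        fixed = ipaddress.ip_network(fixed_range)
        # network_size addresses per subnet -> prefix length (32 -> /27)
        prefix = 32 - (network_size.bit_length() - 1)
        subnets = list(fixed.subnets(new_prefix=prefix))
        if len(subnets) < num_networks:
            raise ValueError("fixed_range too small for num_networks")
        self.free_subnets: List[ipaddress.IPv4Network] = subnets[:num_networks]
        self.networks: Dict[str, ProjectNetwork] = {}

    def network_for(self, project: str) -> ProjectNetwork:
        """Create the project's VLAN/bridge/subnet on first use, then reuse it."""
        if project not in self.networks:
            if not self.free_subnets:
                raise RuntimeError("no free networks left in fixed_range")
            vlan = VLAN_START + len(self.networks)
            self.networks[project] = ProjectNetwork(
                project=project, vlan=vlan, bridge=f"br{vlan}",
                subnet=self.free_subnets.pop(0))
        return self.networks[project]

    def allocate(self, project: str, instance_id: str) -> ipaddress.IPv4Address:
        return self.network_for(project).allocate(instance_id)

    def same_vlan(self, a: ipaddress.IPv4Address, b: ipaddress.IPv4Address) -> bool:
        """Instances share a layer-2 segment only inside one project's VLAN."""
        for net in self.networks.values():
            if a in net.subnet and b in net.subnet:
                return True
        return False


if __name__ == "__main__":
    mgr = VlanManager("10.0.0.0/22", num_networks=32, network_size=32)
    a = mgr.allocate("testproject", "i-0001")
    b = mgr.allocate("testproject", "i-0002")
    c = mgr.allocate("otherproject", "i-0003")
    for p, net in mgr.networks.items():
        print(p, net.vlan, net.bridge, net.subnet)
    print(a, b, c, mgr.same_vlan(a, b), mgr.same_vlan(a, c))
```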
2.1.2. OpenStack Object Storage

OpenStack Object Storage, also called Swift, was open-sourced by Rackspace in 2010. It is the technology behind Rackspace's Cloud Files, one of the strongest commercial storage offerings today and a competitor to Amazon S3.
Swift is open-source software that stores identical copies of data, scales storage very flexibly using clusters, and can hold petabytes of accessible data. Swift is not only a real-time data system; it is also a large, long-term storage system for very large volumes of data that can still be retrieved, leveraged and updated. Object storage uses a distributed rather than a centralized architecture, so there is no central point. This improves scalability, redundancy and permanence. Objects are written to many different hardware devices, with OpenStack responsible for replication, copying and data integrity across the cluster. Storage clusters can also be scaled horizontally simply by adding new storage nodes. If a node fails, OpenStack immediately reconstructs its contents from another active node. All of this is done by OpenStack in software, without depending on any particular hardware, which makes replication and copying more reliable and avoids dependence on hardware, especially expensive specialized devices.

Figure 12: OpenStack Object Storage overview

Features of OpenStack Object Storage [18]

Store and manage files programmatically via API: file management through an API interface
Create public or private containers
Leverages commodity hardware
HDD/node failure agnostic: no data loss, thanks to automatic backup and replication mechanisms
Unlimited storage
Multi-dimensional scalability (scale-out architecture)
Account/Container/Object structure: scales to many petabytes and billions of objects
Built-in replication: N copies of accounts, containers and objects
Easily add capacity, unlike RAID resize
No central database: high performance, no bottleneck
RAID not required
Built-in management utilities: account management (create, add, verify, delete users)
Container management: upload, download, verify
Monitoring: capacity, host, network, log trawling, cluster health
Drive auditing: checks disks to detect damage
VNC Proxy through web browser

The figure below shows the logical architecture of Swift:

Figure 13: Logical architecture of Swift

The main components are described as follows:


Proxy Server - receives requests and authenticates the user. Once authentication is complete, data is streamed directly from (or to) the user; the proxy server does not inspect it.
Object Server - stores and manages the stored objects. Objects are stored as binary blobs along with metadata describing the data.
Container Server - stores location information and the list of objects held in the Object Store. It does not know exactly where an object is stored, but it knows which container an object belongs to. By default the data is kept in a SQLite database; when Swift is installed across several clusters, replicas of this database are created.
Account Server - like the Container Server, but its job is to manage the list of containers rather than objects.
The Ring - this component maps the names of entities stored on disk to their physical locations. There are separate rings for accounts, containers and objects. Whenever another component needs to perform any operation on an object, container or account, it must consult the corresponding ring to find the correct storage location in the cluster. The ring is used by the proxy server and by the other processes running in the background.
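The ring is easiest to understand as code. The following is an added example, not Swift's own implementation: a path hashes to a partition, each partition is pinned to `replicas` devices in distinct zones, and "handoff" devices are the fallback when a primary is down, which is how a failed node's data can be rebuilt from another active node. The four devices on one host with different ports mirror the single-server test bed later in this report; the hash suffix is a constructed value.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed value for this example; a real cluster keeps its suffix secret
# so that clients cannot predict partition placement.
HASH_PATH_PREFIX = b""
HASH_PATH_SUFFIX = b"constructed-suffix-not-a-real-secret"


class Ring:
    """Toy Swift-style ring (added example): name -> partition -> devices."""

    def __init__(self, devices: List[Dict], part_power: int, replicas: int):
        # devices: list of {"id", "zone", "ip", "port", "device"}
        zones = sorted({d["zone"] for d in devices})
        if replicas > len(zones):
            raise ValueError("need at least one zone per replica")
        self.devices = {d["id"]: d for d in devices}
        self.part_power = part_power
        self.replicas = replicas
        self.partition_count = 2 ** part_power
        by_zone: Dict[int, List[int]] = defaultdict(list)
        for d in devices:
            by_zone[d["zone"]].append(d["id"])
        # replica2part2dev[r][part] -> device id. Replica r of a partition lands
        # in a different zone from replica r+1, so one zone outage never removes
        # every copy of an object.
        self.replica2part2dev: List[List[int]] = []
        for r in range(replicas):
            row = []
            for part in range(self.partition_count):
                zone = zones[(part + r) % len(zones)]
                devs = by_zone[zone]
                row.append(devs[(part // len(zones)) % len(devs)])
            self.replica2part2dev.append(row)

    def get_part(self, account: str, container: Optional[str] = None,
                 obj: Optional[str] = None) -> int:
        """Hash the account/container/object path to a partition number."""
        path = "/".join(p for p in (account, container, obj) if p is not None)
        digest = hashlib.md5(
            HASH_PATH_PREFIX + b"/" + path.encode() + HASH_PATH_SUFFIX).digest()
        # the top `part_power` bits of the first four bytes select the partition
        return int.from_bytes(digest[:4], "big") >> (32 - self.part_power)

    def get_nodes(self, part: int) -> List[Dict]:
        """Primary devices holding the replicas of a partition."""
        return [self.devices[row[part]] for row in self.replica2part2dev]

    def get_more_nodes(self, part: int) -> List[Dict]:
        """Handoff devices used when a primary is unreachable."""
        primaries = {row[part] for row in self.replica2part2dev}
        return [d for did, d in sorted(self.devices.items()) if did not in primaries]

    def partitions_per_device(self) -> Dict[int, int]:
        """How evenly the partitions are spread (all devices share the load)."""
        counts: Dict[int, int] = defaultdict(int)
        for row in self.replica2part2dev:
            for dev_id in row:
                counts[dev_id] += 1
        return dict(counts)


def build_test_ring() -> Ring:
    """Four simulated nodes on one host, one per zone, on different ports."""
    devices = [
        {"id": i, "zone": i + 1, "ip": "127.0.0.1", "port": 6010 + 10 * i,
         "device": f"sdb{i + 1}"}
        for i in range(4)
    ]
    return Ring(devices, part_power=8, replicas=3)


if __name__ == "__main__":
    ring = build_test_ring()
    part = ring.get_part("AUTH_testuser", "photos", "cat.jpg")
    print("partition", part)
    for n in ring.get_nodes(part):
        print("primary", n["zone"], n["ip"], n["port"], n["device"])
    for n in ring.get_more_nodes(part):
        print("handoff", n["zone"], n["ip"], n["port"], n["device"])
    print(ring.partitions_per_device())
```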
2.1.3. OpenStack Image Service

OpenStack Image Service (also called Glance) provides discovery, registration and delivery services for virtual disk images. The OpenStack Image Service API provides a standard interface for querying information about virtual disk images stored in various back-ends, including OpenStack Object Storage. Clients can register a new virtual disk image with the service and query its information.
Current features [19]:

Image-as-a-service
Multi-format/container support
Image status
Scalable API
Metadata
Image Checksum
Extensive Logging
Integrated testing
Back-end store options
Version control
CLI access
Built-in Mgmt. utilities
Drive auditing
VNC Proxy through web browser

As introduced above, Glance is one of the main components of OpenStack; its job is to store and serve the image files of the virtual machines (instances).
Glance consists of three parts:

Figure 14: Components of Glance

Glance API server - receives API calls, much like nova-api. It waits for API requests, then talks to the other components (glance-registry and the image store) to carry out the requested work: query, upload, delete image, and so on.
Glance Registry server - stores and serves the metadata about images (format, ID, size, ...). By default it uses SQLite to store the metadata. glance-registry always listens on port 9191.
Image Storage - stores the image files.
Glance supports the following formats:

Figure 15: Glance image formats

The operation of Glance can be described simply with the following flow diagram:


Figure 16: Glance operation

In the experiment the group also used the three components Nova, Glance and Swift. Essentially, instance image files are uploaded to the Glance server; Nova then calls Glance and requests one of those image files to create an instance inside nova-compute. Data that must be stored separately (backups, data shared between instances) is stored on Swift. The three components are independent of each other but can be combined to work as a single whole.
2.1.4. OpenStack Dashboard (Horizon) and OpenStack Identity

In this experiment we were not able to complete the installation of these two components alongside Nova, Glance and Swift. We hope they will work better in the Essex release. Some basic information about Keystone and Dashboard follows.
Keystone is the authentication, token, catalog and policy service for all the other OpenStack services. It is implemented through the OpenStack Identity API.
Dashboard provides a web interface for interacting with and managing the remaining OpenStack components; it works with Keystone to authenticate users. It is built on the Django framework and provides an interface similar to the AWS Management Console.

Figure 17: OpenStack DashBoard

Through the Dashboard we can perform most operations on the OpenStack components.

II. OpenStack deployment model

1. Tools used

The CC deployment environment was set up on a DELL T710 server:

Ubuntu 11.10 server amd64
The OpenStack components were installed from the Ubuntu repository, which corresponds to the Diablo release of OpenStack.
All components (Nova, Glance, Swift) were installed on a single server. As a result, some auxiliary components such as time synchronization between nodes are unnecessary (no NTP server needed).

Figure 18: Deployment model

Furthermore, only a single adapter is needed for the nova-network configuration. Instances are assigned two IP ranges, as follows:
Public IPs used to connect instances to the Internet: 172.17.2.64/27
Private IPs used to connect instances to each other (by default each instance is assigned one address at creation): 10.0.0.0/22 32 32
The main packages to be installed:
Auxiliary packages such as unzip to extract the images, vnc and many Python-related packages: python-software-properties memcached xfsprogs python-setuptools curl vncproxy unzip
We use MySQL server for all the services: mysql-server
The message queue server that passes messages between the OpenStack components: rabbitmq-server
The command-line toolset for interacting with OpenStack; it was originally designed for Eucalyptus, hence the euca prefix: euca2ools
Nova-related packages: nova-volume nova-api nova-ajax-console-proxy nova-doc nova-scheduler nova-objectstore nova-network nova-compute
Glance-related package: glance
Swift-related packages: swift swift-account swift-container swift-object swift-proxy
Note: this is not the complete list of packages that will be installed; further dependencies are pulled in automatically, and we do not need to be concerned with them. This document lists only the most basic packages needed to build an OpenStack cloud on one node.
This section does not go into the details of the installation process; it only lists the steps needed to configure OpenStack to run with the three basic components, explaining a few key points in more detail. For the installation guide, see the appendix.
2. Installation steps in the experiment

The main steps for installing the OpenStack system in the group's experiment are as follows.

** Install MySQL server

By default Glance and Swift use SQLite to store their metadata and related data; we chose MySQL because it is a widely used database that is familiar to everyday use in the environment where we work.
We use three services, Nova, Glance and Swift, so we create three databases, nova_db, glance_db and swift_db, with the corresponding users nova, glance and swift, for use in the configurations that follow.
** Install the basic packages such as unzip, rabbitmq-server, euca2ools, ...

These installations require no parameter changes. Simply install them and they work as expected.
** Install and configure Glance

Glance's configuration files are kept under /etc/glance/. We change a few settings, for example in glance-registry.conf, switching the storage database from SQLite to MySQL. No other Glance settings needed adjusting in this experiment.
** Install and configure Nova

Nova's configuration files are kept under /etc/nova/.
To keep things simple, in this experiment the group changes settings only in /etc/nova/nova.conf. This file holds Nova's most important configuration, such as the database information and the nova-network mode.
nova-network is configured in VLAN mode. Only one interface, eth0 on the DELL server, is used to connect instances to the Internet and to create a VLAN for each project.
As mentioned above, we use the private IP range 10.0.0.0/22 32 32 and the public IP range 172.17.2.64/27. The latter is a real IP range in the same subnet as the host's IP (the DELL server), so once configuration is done and instances are running, we can 'see' the instances through this IP range.
** Create a Nova project

As described in the section on users and roles in Nova, we create a user named testuser and then grant testuser the sysadmin role. Next we create a project named testproject and assign it to testuser with full rights.
** Create the credentials and access keys

For each project, Nova provides the user with credentials and access keys for authentication. The most important information is in the novarc file. This file is used to set up an 'environment' whose parameters point to the server where Nova is installed.
Suppose we use another client machine to issue queries to Nova. On that client we must also fetch these credentials and access keys. From this client it is then easy to interact and 'talk' with the server running Nova.
We need to open port 22 for the SSH service and port 80 for the HTTP service.
After that, restart all the Nova and Glance services. If there are no errors, Nova and Glance are ready to use from this point on.
** Upload an image and launch an instance

Images are available from the servers of Ubuntu, StackOps and others; these are the standard files that these providers prepare for users. We need to download them and upload them to Glance (or the Nova object store).
For each instance we need to assign a public/private key pair, so that the user can log in to the instance. The public key is injected into the instance, while the user keeps the private key (a .pem file). From the client, using only the private key matching the instance, you can SSH into the instance and carry out setup tasks from the command line.
** Install and configure Swift

As introduced earlier, to keep storage safe and efficient Swift stores each object (piece of data) in several different zones. In this experiment we have only one server, so this mechanism might seem to offer little, but imagine having many servers, and beyond that servers in different geographic locations: storage becomes much safer and easier, and the quality of service for users improves.
In this experiment the group used a separate disk partition for Swift to store its data on. The group created 4 servers to simulate object storage on 4 different nodes. These four nodes naturally share the same IP but use different ports for each service, which is enough to simulate how Swift works for now.
In the experiment we used swauth to simplify user creation in Swift: with swauth we can create a new user directly from the command line instead of having to change settings in /etc/swift/proxy-server.conf.
We can interact with Swift from the command line. Some FTP clients such as CyberDuck also work quite well with Swift.
The above presents the main steps and their meaning according to the experimental installation scenario. All three components work, but there were still many problems and errors during the experiment; these are presented in the conclusion.

Part 3: Security in Cloud Computing
To evaluate security in CC, we must identify the requirements and the definitions of security in CC solutions. This means studying the standards set for security. This part presents and compares the CC security standards of CSA, NIST and other research. It then proposes security solutions for CC and finally evaluates the security of OpenStack Diablo.

I. CSA
CSA is a non-governmental organization founded in 2008 to research security issues in CC, with the cooperation of many large companies worldwide such as Microsoft, Google, IBM and VMware. The first version of the CSA guidance, 1.0, appeared in April 2009, followed by version 2.1 in December of the same year, which added new security concerns such as Information Lifecycle Management and Storage. CSA is now at version 3.0, with several improvements and extensions, for example Security as a Service.
CSA's evaluation criteria are all based on research and are peer-reviewed before being published as a version. This section summarizes the security requirements CSA sets out, to give a view of the broad field of security in CC. CSA divides the security requirements into 2 main parts, with the following issues:
1. Governance in CC (5 sections)

CSA's recommendations here cover many sub-sections [20]; within the scope of this document only the following are mentioned:

Governance and Enterprise Risk Management: the ability to manage and control risks in the enterprise environment, issues of user awareness, and the cooperation between provider and user in the responsibility for protecting confidential data.
Information Management and Data Security: managing data stored in the cloud, data identification, preventing leakage and loss of data while data is in transit. Ensuring confidentiality, integrity and availability of data.
Interoperability and Portability: moving data and services from one provider to another (interoperability), as well as bringing all data back in-house.

There is also the matter of the SLA, which is seen as the set of rules guaranteeing the level of security and availability of the system to the user; depending on cost, the SLA may be high or low.
2. Operations in CC (8 sections)
Traditional Security, Business Continuity, and Disaster Recovery: CC faces the same security threats as other traditional systems, as well as the issues of system backup and recovery when an incident occurs.
Data Center Operations: ensuring that the data center operates with full functionality together with high, long-term stability.
Incident Response: control and alerting when incidents occur.
Application security
Encryption and Key Management: protecting access to system resources as well as protecting data.
Identity, Entitlement, and Access Management: ensuring the management of access and user authentication.
Virtualization: risks related to VM isolation and hypervisor vulnerabilities.
Security as a Service: a new security requirement in this version, confirming security assurance from reputable third parties worldwide through security testing. This ensures customer trust and creates an incentive to improve system security.

This section has summarized the security-related features that CSA recommends when deploying CC. The next section covers those recommended by NIST.

II. NIST
NIST, the National Institute of Standards and Technology, issued a complete set of guidelines for security and privacy in CC in December 2011. NIST's aim is to provide an overview of CC and the security challenges in CC [21]. The issues NIST raises are:

Governance
Compliance
Trust: issues of data ownership, insider access, and risk management
Architecture: establishing protection for virtual machines (VMs), virtual networks, the client side and the server side.
Identity and Access Management: enforcing authentication and access control
Software Isolation
Data Protection
Availability: protection against threats to system availability such as DoS and outages (ensuring electrical power and supply).
Incident Response

Overall, the criteria of NIST and CSA are quite similar, as both review almost all the requirements for a secure system, for example ensuring authentication and access control, incident response, and software/application security. The specific solutions and recommendations of CSA and NIST are presented in part IV.

III. University research

According to experts at Azad University, Iran, and research presented at the 8th IEEE conference in 2009, a cloud computing model must satisfy the following security requirements [5]:

Availability management: system availability under all circumstances
Access control management: managing access
Vulnerability and problem management: the ability to prevent vulnerabilities and intrusions
Patch and configuration management: updating the system regularly as soon as patches and configuration are available
Countermeasure: measures for responding to security incidents
Cloud system usage and access monitoring: managing users' use of and access to the cloud.

A cloud network is characterized by many different kinds of customers, from ordinary users and academia to enterprises. The inverse relationship between security and performance is always an issue that must be raised and resolved in order to guarantee a secure cloud system with high performance. However, different kinds of customers have different needs. Enterprise customers, for example, put security first, above performance, whereas academia prioritizes high performance. By nature, cloud computing is also a public network environment like traditional networks, so it still faces the basic security problems such as web application vulnerabilities (SQL injection or cross-site scripting), DNS poisoning or ARP poisoning. Security in cloud computing, however, focuses its evaluation on Information Security Policies (the policies protecting information) and Cloud RAS (reliability, availability, and security) issues (the security risks specific to the cloud environment).
1. Information Security Policies

Some weaknesses regarding information security policies are [22]:

Privileged user access
Regulatory compliance: customers (users) are fully responsible for the safety and integrity of their data. In the traditional model they are helped in this by external audits and security certifications.
Data location: cloud users cannot know exactly where their data is stored. The distributed storage mechanism causes a loss of control for users, and this is a concern when moving from local storage to cloud storage.
Data segregation: user data is stored together, and protection is enforced by encryption. This classical method cannot fully guarantee information security, and so far there is no perfect solution to this problem.
Recovery: users want all backup and data recovery to be handled through the cloud provider rather than a third party.
Investigative support
Long-term viability

2. Cloud RAS issues

At some point the growth of the cloud requires cooperation between cloud providers and users to develop applications. This sharing means an increase in security threats and poses many challenges in security management for IT staff. The new potential risks in a cloud network include:
2.1. Data Leakage

Moving to the cloud model brings 2 major changes to users' data that need close attention: data is stored far from the user, no longer on a traditional local disk, and data is stored across many sources (a multi-tenant environment) instead of a single point as before (a single-tenant environment) [23]. This is the main concern in the security problem.
2.2. Cloud security issues

By nature, a cloud provider is also communicating over the Internet using TCP/IP, in which users are identified by IP addresses. Just as in a purely physical network, every virtual machine on the Internet is identified by at least one IP address that can easily be found by users or attackers. As with physical machines, attackers can break in from a virtual machine to the physical host.
Attacks in the cloud: today there are many kinds of network attack, and in theory all of them can be applied to threaten the cloud to varying degrees. For instance, when 2 users in the same cloud network use virtual machines, it can be regarded as 2 physical machines sharing one network.
DDoS attacks against the cloud: a DDoS attack floods a given network with a large number of IP packets in order to bring the whole network to a halt. Since a cloud computing network has very many users, the damage if the system is brought down is far greater than in a single-point architecture [5]. Most networks cannot defend against DDoS attacks because the traffic comes from thousands or tens of thousands of machines on the Internet, and it is also very hard to distinguish bad traffic from good traffic. IPS systems are very effective at blocking DDoS, but only for attacks with known signatures or for known malicious packets and files (pre-existing signatures); legitimate packets carrying malicious content are still let through. Firewalls are no longer effective against DDoS either, as packets bypass a firewall even more easily than an IDS/IPS [5].

IV. Security solutions for the Cloud Computing model

The specific characteristics of the cloud are themselves a solution to several traditional security problems, such as system downtime, backup, distributed storage, or DoS. Some solutions proposed in the cloud to ensure security are as follows:
1. Access control and management

Establishing an access control mechanism is essential for information security, to prevent unauthorized access, for example by assigning users rights to use data and services. One note on this mechanism is that it must cover a user's entire lifecycle, from initial registration until the user no longer accesses the system and services (de-registration). According to the Information Technology Infrastructure Library (ITIL) and ISO 27001/27002 security standards, a security management system must ensure the following functions [24]:

Control access to information
Manage user access rights
Encourage good access practices
Control access to network services
Control access to operating systems
Control access to applications and systems


Access management in clouds is divided into three parts, following the cloud service delivery models:

SaaS: cloud providers manage every area, including the network, servers, and application infrastructure. However, in the SaaS model the application is delivered as a service, usually through a web browser, so network-based management is almost irrelevant and the focus is on user administration: strong authentication mechanisms using one-time passwords [5, 24], Single Sign On [25], permission management, and so on.

PaaS: Unlike the SaaS model, in PaaS management focuses on the network, servers, and the platform layer hosting the applications. In this case, however, the user is responsible for managing the applications placed on the PaaS platform; access to those applications must still be managed, assigned, and authenticated.

IaaS: IaaS customers are fully responsible for managing access to their resources in the cloud. Access to virtual servers, virtual networks, virtual storage, and applications on an IaaS platform is designed and managed by the customer. Access management in the IaaS model thus has two main parts: the hosts, networks, and applications owned by the cloud provider are managed by the provider, while the user must manage access to the virtual servers, virtual storage, virtual networks, and applications running on those virtual servers [24, 25].

2. Countermeasures when security problems occur

One of the important points of cloud security is to find the security vulnerabilities that exist and then deploy appropriate countermeasures. In general, a cloud system is built on a set of many storage engines with high-availability support, so that virtual servers can back each other up and fail over if an incident occurs. To achieve flexibility, scalability, and efficient utilization, cloud providers face the problem of analyzing and computing a sensible allocation of resources to different computational workloads.

Partitioning: one example of raising the computational performance of cloud applications is splitting data into many partitions and computing on many nodes, in order to increase query and transaction throughput. Results are thereby computed and returned very quickly.

Migration: Flexibility is one of the main requirements of the cloud; in the context of providing cloud services, resource usage must be flexible. For example, resources must be reserved for the most necessary and important operations. This keeps cloud nodes from becoming overloaded when a migration of the system takes place, especially for large database systems, and in particular it ensures that the system keeps operating while the migration is in progress.

Workload analysis and allocation

In addition, disaster recovery solutions must be planned for unexpected incidents such as natural disasters, floods, fires and explosions, and so on.
3. DDoS

As presented above, even systems with a full firewall and IDS/IPS can still be hit by DDoS. However, a sufficiently strong network infrastructure can still withstand very large DDoS traffic volumes. A cloud infrastructure provides this, since the whole infrastructure is a federation of hundreds or thousands of machines. This gives administrators time to handle the incident and find the cause in order to remediate it: for example, the IPS learns the new attack rules, or the administrator analyzes the packets and sets up rules to drop the offending incoming packets.
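The packet analysis described above, as an added example that is not part of the original report: a rate-based pass over flow records that flags sources exceeding a per-window packet count, keeps an allowlist for legitimately busy hosts (the report's point that good and bad traffic are hard to separate by volume alone), and renders iptables drop rules for what remains. The record format, addresses (RFC 5737 test ranges), thresholds and the traffic itself are all constructed for illustration.

```python
from collections import defaultdict

# Constructed synthetic traffic (not from the report): three flood sources at
# 50 packets/s, one normal client at 2 packets/s, and a monitoring host that is
# legitimately busy at 30 packets/s. Record format: "<epoch> <src> <dst> <port>".
FLOOD_SOURCES = ("203.0.113.5", "203.0.113.6", "203.0.113.7")
MONITOR_HOST = "192.0.2.9"

def make_sample_flows():
    lines = []
    for t in range(10):                                  # ten seconds of traffic
        ts = 1333500000 + t
        for src in FLOOD_SOURCES:
            lines += ["%d %s 198.51.100.10 80" % (ts, src)] * 50
        lines += ["%d 192.0.2.44 198.51.100.10 80" % ts] * 2
        lines += ["%d %s 198.51.100.10 443" % (ts, MONITOR_HOST)] * 30
    return "\n".join(lines)

def parse_flows(text):
    """Parse one record per line into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((int(ts), src, dst, int(port)))
    return records

def flag_sources(records, window=10, threshold=100, allowlist=()):
    """Return {src: peak packets in one window} for sources that exceed
    `threshold` packets in any `window`-second bucket. Volume alone cannot
    separate a busy legitimate client from an attacker, so known-good
    sources are excluded via `allowlist` rather than guessed at."""
    buckets = defaultdict(int)
    for ts, src, _dst, _port in records:
        buckets[(src, ts // window)] += 1
    peaks = defaultdict(int)
    for (src, _bucket), count in buckets.items():
        peaks[src] = max(peaks[src], count)
    return {s: n for s, n in peaks.items() if n > threshold and s not in allowlist}

def drop_rules(flagged):
    """Render one iptables DROP rule (standard syntax) per flagged source."""
    return ["iptables -A INPUT -s %s -j DROP" % src for src in sorted(flagged)]

if __name__ == "__main__":
    hits = flag_sources(parse_flows(make_sample_flows()), allowlist=(MONITOR_HOST,))
    print("\n".join(drop_rules(hits)))
```

Without the allowlist the monitoring host is flagged as well, which is exactly the false positive an administrator has to rule out before installing the rules.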

IV. OpenStack Security

Any real-world CC deployment, whether a commercial product or open source, must meet the security requirements and implement the handling measures set out above. At present, with the goal of using the open source OpenStack toolset, the deployment has only been completed at a basic level (the three projects presented in part 4), so the security support tools in OpenStack have only been approached to a limited extent.

Keystone (or OpenStack Identity) is the main component for security, with the authentication and policy functions outlined above.

User and Project: creating users and projects also enforces authenticated access, since a user cannot access projects that are not under their control, through the User and Project functions in Nova.

Keypairs: creating keys that are attached to an instance when it is launched is also a security tool, since only the user who has been issued the key is authorized to access the instance.

The Keystone deployment has not yet succeeded, so this assessment is not yet precise. Nevertheless, the security functions in Keystone will provide the protection needed when deploying an IaaS.


Part 4: Summary

During the eight weeks of testing, the team ran into quite a few difficulties installing and configuring the OpenStack components. This is a complex, multi-component system still under development, so its documentation is inaccurate or out of date in many places.

After consulting many guides from others who are also testing OpenStack, the team decided to focus only on testing the three components Nova, Glance and Swift, partly because the two components Dashboard and Keystone did not work well in the Diablo release, and partly because the release of the new Essex version coincided with the end of the test period. Testing of all the OpenStack components named above will therefore be carried out with the Essex release in the coming period, to avoid wasting time. The following are some points summarizing the test process:

**** What was achieved

- Completed the installation and operation of the three main OpenStack components, Nova, Glance and Swift, corresponding to the two most important services: providing Cloud compute and Cloud storage resources.
- Tested basic Linux virtual machines such as Ubuntu, Debian and CentOS, though only using the image files supplied ready-made by those vendors. Among them, Ubuntu is the best and most complete provider in terms of versions (partly because they are a main partner of AWS and OpenStack, and the company is investing heavily in CC).
- Swift, the storage component, works normally and can interact with some GUIs such as CyberDuck on Windows and MacOS.
- Checked the basic functions through the API and the command line (euca2tools).
- The Nova, Glance and Swift packages themselves also provide functions for viewing information, uploading, and managing instances and data; however, because the command names are rather 'scattered', euca2tools is commonly used for convenience. This package is compatible with both Eucalyptus and OpenStack. All operations in the test used these euca* commands.

**** What was not achieved

- The two components Keystone and Dashboard could not be tested. Management operations could only be carried out through the command line.
- Compute resources: Linux instances (virtual machines) run fairly stably. Virtual machines running Windows, however, have not yet succeeded. Many errors still arise, such as losing an instance or being unable to log in to an instance. These errors are judged to stem partly from OpenStack's immaturity and partly from the team not yet understanding Linux and OpenStack well enough to investigate and resolve them thoroughly.
- Storage resources: only the basic way it operates has been checked; scalable storage capacity, storing large files, and so on have not been studied in depth.
- Also, because of hardware limits and deployment time, the performance of the components could not be tested. Some functions that need more than one server to test, such as migrating an instance or load balancing, have not been carried out.

**** Plan for the next round of testing

The new Essex release of OpenStack, which came out in early April 2012, promises many improvements and greater stability. The two components Keystone and Dashboard are also introduced with better compatibility with the remaining components.

The next plan is to move on to testing this release, combined with expanding the physical infrastructure. With a larger deployment, performance testing of the OpenStack components can be more detailed and evaluated more accurately.


Appendix:
Appendix 1: Tutorial for installing OpenStack on Ubuntu 11.10 64-bit
See the accompanying PDF file
Appendix 2: Some other reference links
Security Solutions for Cloud Computing: http://infosecisland.com/blogview/5449-SecuritySolutions-for-Cloud-Computing.html
Security Issues and Solutions in Cloud Computing: http://wolfhalton.info/2010/06/25/security-issues-and-solutions-in-cloud-computing/
http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precisepangolin


References:
1. Điện toán đám mây [Cloud computing, Vietnamese Wikipedia]. Available from: http://vi.wikipedia.org/wiki/%C4%90i%E1%BB%87n_to%C3%A1n_%C4%91%C3%A1m_m%C3%A2y.
2. Cloud computing. Available from: http://en.wikipedia.org/wiki/Cloud_computing.
3. Data center. Available from: http://en.wikipedia.org/wiki/Data_center.
4. Wind, S. Open source cloud computing management platforms: Introduction, comparison, and recommendations for implementation. In Open Systems (ICOS), 2011 IEEE Conference on. 2011.
5. Sabahi, F. Cloud computing security threats and responses. In Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on. 2011.
6. Ubuntu Cloud: Technologies for future-thinking companies. 2012; Available from: http://www.canonical.com/about-canonical/resources/white-papers/ubuntu-cloudtechnologies-future-thinking-companies.
7. Wesselius, J. Windows Server Virtualisation: Hyper-V, an Introduction. 2009; Available from: http://www.simple-talk.com/sysadmin/virtualization/windows-server-virtualisation-hyperv,-an-introduction/.
8. Full virtualization. Available from: http://en.wikipedia.org/wiki/Full_virtualization.
9. Ảo hóa trong điện toán đám mây [Virtualization in cloud computing]. 2012; Available from: http://hpcc.hut.edu.vn/forum/archive/index.php/thread-658.html.
10. Paravirtualization. Available from: http://en.wikipedia.org/wiki/Paravirtualization.
11. Operating system-level virtualization. Available from: http://en.wikipedia.org/wiki/OSlevel_virtualization.
12. Eucalyptus open source cloud computing infrastructure - Overview. 2011; Available from: http://go.eucalyptus.com/Eucalyptus-Open-Source-Cloud-Computing-Infrastructure-AnOverview-Download.html.
13. Mahjoub, M., et al. A Comparative Study of the Current Cloud Computing Technologies and Offers. In Network Cloud Computing and Applications (NCCA), 2011 First International Symposium on. 2011.
14. Leads, O.P. OpenNebula 3.2 Key Features and Functionality. 2012 [cited 2012 22nd March]; Available from: http://opennebula.org/documentation:features.
15. Systems, C. Xen Cloud Platform Project. 2012 [cited 2012 22nd March]; Available from: http://www.xen.org/products/cloudxen.html.
16. Abiquo. Abiquo Overview. 2012 [cited 2012 22nd March]; Available from: http://www.abiquo.com/products/abiquo-overview.php.
17. OpenStack Compute. 2012; Available from: http://openstack.org/projects/compute/.
18. OpenStack Object Storage. 2012; Available from: http://openstack.org/projects/storage/.
19. OpenStack Image Service. 2012.
20. Archer, J., et al. Security Guidance for Critical Areas of Focus in Cloud Computing v3.0. Cloud Security Alliance, 2011.
21. Jansen, W. and T. Grance. Guidelines on security and privacy in public cloud computing, 2011.
22. Brodkin, J. Gartner: Seven cloud-computing security risks. 2008; Available from: http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-securityrisks-853.
23. Stokes, J. T-Mobile and Microsoft/Danger data loss is bad for the cloud. 2009.
24. Security management in the cloud. 2010; Available from: http://mscerts.programming4.us/programming/Security%20Management%20in%20the%20Cloud.aspx.
25. Security Management in the Cloud - Access Control. 2012; Available from: http://mscerts.programming4.us/programming/Security%20Management%20in%20the%20Cloud%20-%20Access%20Control.aspx.
