
OpenStack Conference Spring 2013

April 15-18, 2013, Portland, Oregon


Thanks for attending! The OpenStack Summit is a four-day conference for developers, users, and administrators of OpenStack Cloud Software.


Note: Presentations are still being uploaded. If you do not see the presentation you are looking for, please check back soon.

Videos of Sessions From Day 4


Project Update: Networking

Mark McClain

OpenStack Networking Update: Opportunity for newly elected PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release

Watch Now


BillingStack and associated projects

Endre Karlson

Recently we've started work on BillingStack, which is a billing system based on the idea of being like an "OpenStack" project, meaning do something and do it very well. It is currently being rewritten from a Java / Grails implementation initially conceived by its original author, Luis Gervaso, from the former company called StackSherpa.

Watch Now


Zen of Eventlet

Chuck Thier

Eventlet is a core library that OpenStack depends on for network communications. Eventlet is not magic, though often it is treated as such. In this talk, I will dispel the magic, and discuss best practices for using Eventlet.

Watch Now


Support for Domain Quota Management to Allow Domain Quotas to be Managed and Enforced

Yehia Beyh

In Keystone v3 (Grizzly release), the Domains feature encapsulates users and projects into logical entities that can represent accounts, organizations, etc. However, currently there is no capability or mechanism to manage or enforce quotas at the domain level. Assigning or updating values or limits to a domain will allow the cloud administrator to evaluate domain lists and consumption. In order to achieve these capabilities it will be required to implement quota management and quota monitoring for Keystone domains, by which domain usage can be managed and enforced.

The goal is to support quotas at the OpenStack Domain level. 

 

Watch Now


Windows on OpenStack: Best Practices and Pitfalls

Tim Smith

Due to security, licensing, and networking particularities, as well as a resource-heavy boot and runtime profile, running Windows in a cloud environment poses a unique set of challenges to implementers of OpenStack public and private clouds.

Despite these challenges, enterprises are increasingly looking to deploy Windows virtual desktops and servers in their OpenStack environments - both to replace physical desktops as well as to move their Windows-based server applications to a more economical virtualization platform.

In this talk we present best practices and pitfalls learned over the course of several pilot and production Windows-on-OpenStack deployments, including:

  • Understanding how Windows works in the context of an OpenStack cloud: images, instances, etc.
  • Methods for mitigating the "boot storm" incited by booting large numbers of Windows VMs.
  • Integrating with existing Windows networking services, such as Active Directory.
  • Desktop personalization, access marshalling, and session management.
  • License and license key management for short-lived Windows VMs.
  • Strategies for the reduction of runtime resource usage for large Windows deployment.

Watch Now


Project Update: Compute / Nova

Russell Bryant, Vishvananda Ishaya

OpenStack Nova Update: Opportunity to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release

Watch Now


Interactive Visual Orchestration With Curvature and Donabe

Debojyoti Dutta, John Davidge, Sam Betts, Bradley Jones, Jack Peter Fletcher

In this talk we introduce Curvature – an interactive visual orchestration tool for applications on OpenStack. We also describe Donabe – a recursive container service – and how both can be leveraged in conjunction to create and deploy recursively stackable application topologies from virtual machine images and Quantum networking components.

Curvature’s approach to service deployment allows the user to define a workload at a higher level of abstraction than current deployment tools. Users draw their desired application topology on a canvas using a toolset of Quantum L2/L3 components and virtual machine images. This topology can then be deployed onto a running OpenStack environment at the click of a button – with Curvature handling all of the orchestration necessary for provisioning the workload, i.e. the Quantum networks and Nova VMs. We demonstrate this design and deployment workflow in real time on a live OpenStack environment using real-world use cases.

This talk showcases Curvature’s functionality both with and without Donabe to demonstrate how these services will radically change the user experience of cloud application deployment. 

Watch Now  Slides


Hyper-V Grizzly Features Exposed

Alessandro Pilotti, Peter Pouliot

With the Grizzly release come many new and exciting features for Windows Server 2012 and Hyper-V. We will discuss new features including:

  • Quantum Driver for Hyper-V
  • Cloudinit for Windows
  • Cinder Driver for Windows
  • RDP Console Proxy
  • Additional Nova Features 

Watch Now


Cloud Security: We're Doing it Wrong

John Stauffacher

Most companies today have taken the age-old security models and "virtualized" them to be used in today's "cloud" market. Vendors have come to market with "virtual" firewalls, IPS, HIPS/HIDS, etc. that all claim to be the panacea that solves your cloud "security" issues. The problem exists when we rely on our "virtual" security infrastructure to protect our sensitive 'real' information.

Watch Now


Project Updates: Dashboard and Image service

Gabriel Hurley, Mark Washenberger

OpenStack Dashboard/Horizon and Image service / Glance Updates: Opportunity for newly elected PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.

Watch Now


Connected Communities, Innovative Technologies: OpenStack, oVirt, and KVM

Mike Day, Jean Staten Healy

With the continued adoption of OpenStack infrastructure, many open source projects face the challenge of integrating with OpenStack in order to remain relevant to customers. oVirt and the Open Virtualization Alliance (OVA) are two communities dedicated to the advancement of the open source KVM hypervisor. oVirt is an open-source management infrastructure for KVM, whereas the OVA is dedicated to driving adoption of KVM in the marketplace. Together these efforts have increased the use of KVM by customers, and created a healthy ISV ecosystem around the open source technology.

The growth of KVM also presents some interesting opportunities for improving both OpenStack and oVirt. oVirt can provide rich services to Cinder, Glance, Quantum, and Nova. In this presentation we will discuss both the value and the technical implementation for each of these integration points, and the future of the oVirt project within the context of OpenStack. Additionally, we will discuss best practices in open source community development along with an overview of the business value of KVM on OpenStack.

Watch Now


Proxy Compute Service managing multiple VMware vCenter Clusters and Resource Pools

Divakar Padiyar Nandavar

The current implementation of VMware VC compute driver for OpenStack uses one proxy server to run nova-compute service to manage a cluster. In this session, we would cover the changes implemented to enhance VMware VC Compute driver so that it runs as a Proxy Compute Service to manage multiple VMware vCenter Clusters and Resource Pools as compute nodes. These proposed changes are in line with nova Bare metal proxy driver.

Highlights of these changes: 

  • VC driver treats Clusters and resource pools as compute nodes.    
  • One proxy compute server to manage multiple Clusters and resource pools.
  • The set of clusters/resource pools to be configured as compute nodes are specified in the configuration file.
  • Dynamically create/update/delete nova compute nodes based on Clusters/Resource pools change in vCenter. 

 

Watch Now


Federated Access to OpenStack via Keystone v3 API

David Chadwick

This presentation will provide an update on the progress in adding federated authentication and authorisation to OpenStack via modifications to the Keystone v3 API. This will allow organisations to use their existing internal authentication systems so that their users can access both public clouds and internal private clouds and services using the same set of credentials. This will simultaneously reduce the management overhead costs to the organisation and the multiple credential management nightmare to users.

This talk will be of general interest to all OpenStack users. 

 

Watch Now


Project Updates: Oslo and Keystone

Mark McLoughlin, Dolph Mathews

Watch Now


OpenStack Networking LBaaS (Load Balancing as a Service)

Roman Alekseenkov

OpenStack Grizzly will finally include support for elastic load balancing. Quantum LBaaS project provides a standardized REST API that abstracts diverse hardware and software-based load balancers. This allows administrators and applications to instantiate and configure virtual and physical load balancers on demand.

The talk will walk attendees through key features of Quantum LBaaS and will include a live demonstration of managing HA-proxy instances. We will also discuss supported load balancers and go over the future roadmap. 

Watch Now  Slides


Workshop: Automating Swift deployments with SwiftStack

John Dickinson

This interactive session will cover automation and management tools for OpenStack Swift. Attendees will learn about the deployment mechanisms behind the scenes of SwiftStack. This is a hands-on workshop where we will install and configure a SwiftStack cluster in a virtual machine on attendees’ laptops.

In this workshop, attendees will learn about: 

  • The automation required to run OpenStack Swift in production
  • Runtime stacks for load-balancing, ssl-termination and authentication
  • Networking architecture for Swift
  • Monitoring Swift-specific metrics
  • Tuning a Swift cluster
  • Best practices for cluster expansion and failure handling 

Attendees should bring their laptops (with virtualization extensions enabled in the BIOS), and we will provide a virtual machine image that will be used during the workshop. 

 

 

 

Watch Now


DNS in the cloud: the Moniker Openstack-inspired DNS Project

Patrick Galbraith

DNS is one of those things in life one often takes for granted. It just works. It is, however, the phone book of the Internet. Without DNS, maintaining lookup data would be a difficult endeavor. With OpenStack, there is certainly a need for a DNS service, particularly something that works well with OpenStack and adheres to its standards and philosophy. One such project is Moniker.

Moniker is an OpenStack-inspired DNS as-a-service project. It is intended to be used to provide DNS service from the entry point of creating, updating, maintaining and deleting DNS data using the Moniker API, to providing DNS resolution for users. It is a very modular project, allowing for the use of whatever DNS server an organization demands, or the database where DNS data is stored. It is also intended to work in conjunction with other components such as Nova.

Moniker is an ideal project to use for developing DNS as a service for an organization, and HP in particular is building their DNSaaS product based on Moniker.

This discussion will provide an overview of Moniker as well as in-depth discussion of the various components such as: 

* Moniker processes and configuration

* How Moniker allows multiple DNS server backends and creating new backends

* How Moniker allows backend database storage

* Using the Moniker API    

Also, a demonstration of using Moniker will be given, showing DNS domain creation, modification and deletion, followed by a question and answer session. 

 

 

Watch Now


Project Update: Block Storage

John Griffith

OpenStack Block Storage Update: Opportunity for PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.

Watch Now


The Open Source Data Center: The Holy Grail of X Computing and Community Driven Innovation

Cole Crawford

Getting an X Ray is sometimes a life saving procedure but did you know that X Rays are named X Rays because when they were first discovered their discoverers did not know their nature, hence the X. Come join a discussion about the current state of the data center while we look to the future and how together we can do more.

Watch Now


Openstack meets Openflow

Samrat Ganguly

We present the OpenStack architecture that integrates OpenFlow-based software defined networking (SDN), enabling automation and provisioning of network services spanning virtual switches (OVS) and physical switches. The talk will provide a deep understanding of the architecture components and the interactions. We will also discuss the unique benefits of SDN/OpenFlow vis-a-vis OpenStack, compare with existing Quantum supported networking architectures and share our deployment based experiences.

Watch Now


Folsom Security in Review

Matthew Joyce

This talk is a breakdown of security concerns relating to the OpenStack Folsom Release. The purpose of this talk is to look at past vulnerabilities in Folsom, existing security models, and emerging technologies that will impact those models. The presentation will follow the flow of describing several deployment models in terms of their security attributes. The next phase will be the discussion of specific protocols in use and their individual security characteristics. I will present statistics on where past vulnerabilities have been found and reported allowing us to consider how we can better address security in our continuous integration processes. The goal of this talk is to present a map of where we are today, and expose some of the issues we have yet to face.

 

Watch Now


Bare Metal to OpenStack with Razor and Chef

Matt Ray, Egle Sigler

In this workshop attendees will follow along with the presentation and learn to use the Razor Provisioning Engine along with Opscode Chef to deploy OpenStack to bare metal in an easy to do, easy to maintain, easy to scale fashion. Key take-away: 

  • Hands on experience with Razor
  • Hands on experience with Chef
  • Familiarity with the concepts and tools needed to build and maintain an OpenStack Cloud 

 

 

Watch Now


Apache Deltacloud - speaking EC2 and CIMI to Nova

David Lutterkort

Since its inception in 2009, Deltacloud has been focussed on bridging the gaps between various IaaS cloud APIs by offering a RESTful API that can be used against various backend clouds. Over time, the project has been expanded to include frontends for Amazon's EC2 API and DMTF's CIMI.

This talk will provide an overview of what Deltacloud is, what the supported frontends and backends are, and how to use it with OpenStack. It will also explain how Deltacloud is used by a number of projects to achieve cross-cloud portability.

Watch Now


Networking is NOT Free: Lessons in Network Design

Dan Sneddon

This presentation will be an in-depth critique of the existing OpenStack networking approach, with a focus on how the Nova network controller is more of a hindrance than a help. We will also discuss the changes in Quantum's functionality required to close the gap, and alternative solutions. How can we make networking in OpenStack robust, high performance, and fault tolerant? What do typical large scale networks look like and what lessons can we learn from them? Is there an approach to networking we can take that is the same with a handful of servers as it is with hundreds of racks? 

Watch Now


Practical OpenStack Cloud Hardening and PCI-DSS Readiness

Cody Bunch

OpenStack is complex, and like all complex systems needs to have some extra attention paid when hardening the environment. This session will cover some basic cloud security concepts and then dive into the practicalities of securing your OpenStack deployment and the steps necessary to design your OpenStack Private Cloud in preparation to undergo a PCI-DSS Audit. 

  • Understanding of Cloud Infrastructure Security
  • Understanding of how the various parts of OpenStack communicate
  • Example hardened architectures
  • Practical guidelines / checklists of things to secure when building your Cloud deployment 

 

 

Watch Now


Project Meniscus: A Better Focusing Lens for System and Application Events

John Hopper

Software systems produce events but often do so in non-uniform ways. A system may log information to a file in a grammar that requires comprehension to extract meaning from the output. A system may also send events to other systems in a structured manner such as REST. Other systems may even output events directly into a database for storage or pass them to a queue for distribution to interested consumers.

In highly diverse, clustered environments like those seen in many OpenStack deployments, the system event landscape can become complex, difficult to manage and over time become opaque to the point where events generated no longer provide value. The information in many of these events has definite business value, whether it be to meter a tenant or to communicate that a portion of the cluster has been damaged or degraded. Therefore, it’s imperative, despite the complexity of the event ecosystem, to capture this information in a standardized and scalable manner.

Watch Now


OpenStack Networking Lightning Talks

Mohammad Banikazemi, Damian Igbe, Andre Pech

This session will consist of three, 10-minute lightning talks from OpenStack Networking experts followed by 10 minutes of Q&A. A summary of each lightning talk is provided below:

Quantum Plugin and Extensions for Cloud Applications 
Mohammad Banikazemi, IBM

This presentation covers challenges in developing a Quantum plugin for Meridian, a service-level network model that provides high level connectivity and policy abstractions for cloud applications. Although the current Meridian implementation leverages OpenFlow, the services it defines are amenable to a variety of implementations including overlay networks. The Meridian architecture and implementation is described briefly. Key challenges in the design and implementation, including orchestration of network tasks on large networks, efficient handling of dynamic updates to virtual networks are then discussed. Next, the Quantum plugin for Meridian, which maps the basic Quantum constructs to the Meridian network model is presented. Finally, a set of extensions to the base Quantum API that allow the entire set of Meridian features to be exploited is described. These features include support for flexible and dynamic insertion of middle boxes. The presentation identifies some strengths as well as some weaknesses of the current Quantum design. 

 

SDN deployment using Floodlight with Openstack Quantum and Openvswitch
Damian Igbe 

The SDN revolution has started and while the shape of things to come is still unclear, this is the best time to delve into the technicalities of SDN. It is only those who really understand this buzzword now that will shape the future of network virtualization. This paper aims to explore SDN using Floodlight Openflow controller along with Quantum and Openvswitch. The emphasis will be on Floodlight as the Openflow controller based on experience experimenting and integrating to Quantum and Openvswitch. A hands-on demo will be provided to highlight the essential configuration steps required to get Floodlight up and running and talking to Openvswitch and Quantum in a multi-tenancy deployment. 

 

Extending Quantum and the OVS plugin for physical network orchestration 
Andre Pech, Arista Networks 

Quantum currently does not allow for the simultaneous configuration of virtual and physical switches as part of tenant network provisioning. When using OVS, the user is required to manually provision the physical network that provides connectivity between VMs in a tenant network.

We've extended Quantum and the Quantum OVS plugin to allow for the registration of plugins ("hardware drivers") to coordinate the physical network based on the topology of the virtual switches, enabling a fully automated deployment of new tenant networks. We've also exposed how the virtual tenant networks map onto the physical network, providing users with increased visibility and better troubleshooting ability.

Watch Now  Slides


Securing OpenStack's Underside: True Computing

Eric Windisch

There have been a number of premature attempts to provide a trusted computing platform for IaaS software; however, all have met with failure and a lack of mass market adoption. What would be required to solve this problem for real and deliver "true" computing? True computing requires the ability to have a trusted chain of events related to the provisioning and deployment of hardware and software. It requires integration to the supply chain with installation of initial keys at the hardware vendor's site, secure PXE booting, system attestation, and robust key management. None of this is easy or free, but what would it look like if OpenStack could become the first truly trusted cloud system? How would it integrate with the current 'trusted-messaging' blueprint? Would it make CloudAudit's API more relevant?

Watch Now


Project Update: Heat

Steven Dake

Project Updates: Opportunity for newly elected PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.

Watch Now


Analyzing cloud network architectures in OpenStack and EC2

Naveen Joy

Cloud Networking introduces several new concepts and practices that change the way traditional networks are being built and managed. Network architects, solution designers and application developers need to understand these new networking capabilities to take advantage of the cloud. This talk aims to demystify cloud networking to the above audience by providing a deep dive analysis of the various cloud networking models and capabilities by using specific networking scenarios from the OpenStack Quantum service and Amazon EC2. We will also examine how these capabilities could be leveraged to build fault-tolerant cloud applications.

Watch Now  Slides


Securing OpenStack with FreeIPA

Adam Young

Security is important when deploying any distributed application, especially the one responsible for running all of the virtual machines in your data center. When deploying OpenStack, many of the security implementation details are left unspecified. This is where FreeIPA comes to the rescue. This session will provide guidance on how FreeIPA can be used to help secure communication and provide authentication and authorization capabilities for a large-scale OpenStack deployment.

 

Watch Now  Slides


Get Started deploying OpenStack with Puppet

Dan Bode

This hands-on lab will provide an opportunity to see how easy it is to use Puppet to deploy OpenStack environments.

It will cover the architectural details of the Puppet modules used for installation, and explain how to easily get up and going with a fully functional OpenStack environment.

Requirements: This lab assumes that you have a laptop with the following installed: 

  • virtualbox
  • vagrant
  • git 

The lab also assumes reasonable networking connectivity in the lab.    

 

Watch Now


Project Overview: OpenStack Queuing and Notification Service ("Marconi")

Allan Metts, Kurt Griffiths

Come to this session to get an update on Marconi, an OpenStack queuing and notification service described at http://wiki.openstack.org/marconi

Marconi aims to be pragmatic, building upon the real-world experiences of teams who have solid track records running and supporting web-scale message queuing systems.

Join Rackspace's Kurt Griffiths, Principal Architect, and Allan Metts, Engineering Director, to learn about the work that has been done and the path ahead -- including a description of the project, milestones, how it works, and an early demo.

As a message bus, Marconi allows cloud developers to use a REST API to easily distribute tasks to multiple workers across the components of an OpenStack deployment. Publish-subscribe semantics are also supported, allowing notifications to be distributed to multiple listeners at once.

Users will be able to customize Marconi to achieve a wide range of performance, durability, availability, and efficiency goals.



Watch Now


Project Update: Object Storage

John Dickinson

OpenStack Object Storage Update: Opportunity for PTLs to share the state of the project, major topics being discussed at the Summit, user feedback, and their vision and roadmap for the next release.

Watch Now  Slides


New features for Ceph with Cinder and Beyond

Josh Durgin

Ceph is an open source distributed object store, network block device, and file system. Ceph can be used for object storage through its S3 and Swift APIs. It can also provide storage for network block devices, with the thin provisioning and copy-on-write cloning features necessary to support large-scale virtualization.

Since the Folsom release, Cinder makes block storage for backing VMs a first class feature in OpenStack. Block devices can be created from images stored in Glance, and with Ceph's RBD behind both, new VMs can be created faster while using less space. In the latest Ceph ‘Bobtail’ release, you can start many VMs instantly by cloning from templates. Also, on the storage backend side, you will see increased I/O performance due to improved threading.

This session will cover an intro to Ceph, the current status of Ceph and Grizzly, the latest features of the Ceph Bobtail release and also the technical implications and the advantages of block storage within OpenStack. 

Watch Now  Slides


Scale-out Block Storage: There's a Reason AWS Elastic Block Storage Looks the Way it Does

Eric Windisch, Randy Bias

Existing approaches to delivering persistent block storage in OpenStack focus on integrating existing SAN/NAS hardware solutions, using Distributed File Systems (DFS), or using simple Direct Attached Storage (DAS) with Cinder. There is another alternative: scale-out block storage nodes with intelligent scheduling. This is the same approach that Amazon Web Services (AWS) uses for Elastic Block Storage (EBS) and it's worth taking a close look at the pros and cons. This presentation will explore the differences between SAN, NAS, DFS, DAS, and EBS. We will look at the implicit and explicit contracts that users and operators get from the different approaches and look at a variety of failure conditions. EBS may not be right for some clouds, but for many it's an important and viable alternative to the existing approaches. 

Watch Now


A Multi-tenant RBAC Federated system for OpenStack

Dinkar Sitaram

OpenStack is extensively used in industry today. With increasing collaborations both within a single organization and between several, resource sharing is a natural extension to the existing implementation of isolated tenants (i.e. allow resource sharing between tenants within an organization). Furthermore, the access and resource sharing between different cloud installations is also unattended to. We propose the addition of a service which handles both these requirements, i.e. resource sharing between tenants within a single organization and also tenants between different cloud installations. Our proposal (which will be submitted as a blueprint and is under implementation) aims to provide multi-tenant federated access to resources within OpenStack. A federation is an association comprising any number of service providers and identity providers, which in this scenario would mean different OpenStack clouds/installations. Multi-tenancy support is defined as the capability of a single cloud instance to provide its service to several customers/tenants simultaneously, which in this case not only refers to the mere existence of several tenants but also resource sharing capability between the tenants within the same cloud instance or other cloud instances due to the concept of federated access.

This brings forth the need for improved Identity Management and Policy Enforcement which doesn’t rework existing deployments but rather extends them to the required functionality seamlessly. We model the functionality of this service and the required extensions to be made to accommodate it. The crux of our model lies in the way we represent each user and his capabilities. The current system uses a 3-Tuple mechanism of (Subject, Privilege, Object) to represent users and the resources they are allowed access to. We plan to extend this to a 5-Tuple mechanism (Issuer, role(Issuer,roleName), Privilege, Interface, Object) so as to incorporate RBAC and provide access to remote resources outside of the same tenant and cloud installation.

Our talk will deal with a detailed look into this proposal. 

 

Watch Now


Workshop: Deploying OpenStack Swift

Joe Arnold

This workshop will teach attendees how to deploy OpenStack Swift from the ground up. It will be a hands-on training where the audience will learn by doing rather than listening. Come with a laptop, or feel free to watch and learn.

In this session, the audience will be guided through a deployment and configuration of OpenStack Swift by the experts at SwiftStack. We will walk you through the architecture of Swift while demonstrating a step-by-step installation from the ground up.

The attendees interested in participating should bring their laptops (with virtualization extensions enabled in the BIOS), and we will provide a virtual machine image that will be used in the workshop. 

Watch Now