openstack team mailing list archive
Re: Using openstack to manage dedicated servers in a service provider setting
I had originally wanted to deploy full server sized KVM instances and rent
VPSes that way, but it was brought to my attention that a certain market
segment which I'm targeting - tech startups, who are testing apps on these
rentals, are unable to get reliable metrics because of the software between
their app & the hardware. So I've shifted gears to offering dedicated
servers instead, to remove that layer of interference.
Couldn't I re-flash the BIOS between each tenant to be sure there isn't any
problem with it?
From: Robert Collins [mailto:robertc@xxxxxxxxxxxxxxxxx]
Sent: Sunday, May 26, 2013 4:56 PM
Subject: Re: [Openstack] Using openstack to manage dedicated servers in a
service provider setting
On 27 May 2013 07:01, Chris Bartels <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> I'm working on a startup that aims to rent dedicated servers to tech
> startups, and I would like to use OpenStack to manage the servers I
> rent out.
> I saw on the OpenStack Foundation YouTube channel there was a video
> there about using OpenStack to manage bare metal, but the presenter in
> the video had such a strong accent that I couldn't understand anything
> they were saying & didn't learn a thing from the video.
Which video in particular? There are a number of groups who have been taped
presenting on bare metal things.
I'm part of a team working on using OpenStack [baremetal] to deploy
OpenStack [virtual]. So I'm happy to answer any questions.
is a good video on the baremetal layer, which is what will interest you I
That said, there are huge security issues with repurposing baremetal from
one tenant to another: in the absence of UEFI secure boot it is possible for
the prior tenant to inject hostile boot-time firmware into physical devices
that have software-flashable EEPROMs. Currently in OpenStack we have no
mitigation for this at all: so I would very strongly advise against using
OpenStack baremetal to provide dedicated machines.
What I suggest you do instead is provide KVM instances where the KVM flavor
size exactly matches the physical machines - so your tenants have the full
capacity of the machine, and only the [low] overhead of the KVM layer. This
has a -much- better security story. You could use TripleO - OpenStack on
OpenStack - to manage this setup.
Robert Collins <rbtcollins@xxxxxx>
HP Cloud Services