← Back to team overview

openstack team mailing list archive

Re: Using openstack to manage dedicated servers in a service provider setting

 

I had originally wanted to deploy full server sized KVM instances and rent
VPS' that way, but it was brought to my attention that a certain market
segment which I'm targeting- tech startups, who are testing apps on these
rentals, are unable to get reliable metrics because of the software between
their app & the hardware. So I've shifted gears to offering dedicated
servers instead, to remove that layer of interference.

Couldn't I re-flash the BIOS between each tenant to be sure there isn't any
problem with it?

-----Original Message-----
From: Robert Collins [mailto:robertc@xxxxxxxxxxxxxxxxx] 
Sent: Sunday, May 26, 2013 4:56 PM
To: chris@xxxxxxxxxxxxxxxxxxxxxx
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Using openstack to manage dedicated servers in a
service provider setting

On 27 May 2013 07:01, Chris Bartels <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi,
>
>
>
> I'm working on a startup that aims to rent dedicated servers to tech 
> startups, and I would like to use OpenStack to manage the servers I 
> rent out.
>
>
>
> I saw on the OpenStack Foundation YouTube channel there was a video 
> there about using OpenStack to manage bare metal, but the presenter in 
> the video had such a strong accent that I couldn't understand anything 
> they were saying & didn't learn a thing from the video.

Which video in particular ? There are a number of groups who have been taped
presenting on bare metal things.

I'm part of a team working on using OpenStack [baremetal] to deploy
OpenStack [virtual]. So I'm happy to answer any questions.
http://www.openstack.org/summit/portland-2013/session-videos/presentation/pr
ovisioning-bare-metal-with-openstack
is a good video on the baremetal layer, which is what will interest you I
think.

That said, there are huge security issues with repurposing baremetal from
one tenant to another: in the absence of UEFI secure boot it is possible for
the prior tenant to inject hostile boot-time firmware into physical devices
that have software flashable EEPROMS. Currently in OpenStack we have no
mitigation for this at all: so I would very strongly advise against using
OpenStack baremetal to provide dedicated machines.

What I suggest you do instead is provide KVM instances where the KVM flavor
size exactly matches the physical machines - so youre tenants have the full
capacity of the machine, and only the [low] overhead of the KVM layer. This
has a -much- better security story. You could use TripleO - OpenStack on
OpenStack - to manage this setup.

-Rob
--
Robert Collins <rbtcollins@xxxxxx>
Distinguished Technologist
HP Cloud Services



Follow ups

References