 Good afternoon everybody My name is Darren Hansen. I'm the vice president in general manager for open-stack private cloud at rack space I'm going to be joined on stage before the end of this 40-minute session by Jim Tricorico who is one of our customers and Justin Shepard who is our CTO for our open-stack business and one of our distinguished architects at rack space so what we typically like to do at these times as quickly as possible turn it over to a customer and very credible technical resource to talk about open-stack open-stack as a service and when we talk about open-stack as a service it is really the customer experience and access to technologists the best technical talent in the world for Operating open-stack that really brings home the reason why you would work with a company like rack space But before I get to them, I want to spend a little bit of time on a topic that's near and dear to my heart And that is the movies So how many cinephiles do we have in the room anybody that are movie lovers? Okay, good. Does anybody know what movie this is? Marathon man, excellent I was so worried that it was going to be all millennials in here and nobody was gonna have any idea What the hell marathon man is so marathon man is this really interesting movie the 70s were a very Kind of scary time, you know post-Vietnam Nixons in the White House so movies were a little bit sadistic You had your dear hunter. You had your taxi driver. You had your marathon man So marathon man is about an everyman played by Dustin Hoffman Who gets pulled out of his apartment and into a room with a chair? where he is subsequently kind of tortured and and molested by a former Nazi fascist played by the great Sir Lawrence Olivier So I'm gonna play a quick clip and then we'll we'll talk maybe a little bit about bringing this home relative to to open-stack audio All right, we're gonna go back audio we're gonna really have to crank it right turn this one goes to 11 another reference all right Is it safe? Yes, it's safe. It's very safe. So safe. You wouldn't believe it Is it safe? No, it's not safe. It's Very dangerous careful So I don't want to Compare anyone's boss or superior to a former Nazi fascist. That's entirely for you to decide if That comparison has anything to do with your specific situation But in this case you have this fascist dude who is leaning over Dustin Hoffman and all he will ask is is it safe? Now this could be any number of questions. Is it secure? Does it scale? You know, does it perform well will it meet our needs will it remain up? but it's a very very uncomfortable position for our hero Dustin Hoffman to be in and so Many of the people that have to make the decision to deploy open stack have to get through this the sort of round of scary scary Questions from their superiors about deploying open stack. The good news is that open stack has come a long way home so Rackspace as a founder and the first and creator of open stack We were among the 75 people that were at that first open stack conference right here in Austin six years ago, and it's now this thriving community of 30,000 38,000 plus individuals almost 600 companies. They're talking now about, you know, the 50% of the fortune 100 are deploying or have deployed open stack and so there's a lot to Be really really energized about from the standpoint of those of us that are thinking about deploying open stack But all of that doesn't necessarily Answer the boss's question about is it safe or? Does it scale? Yes, yes, it scales incredibly well. It's gonna meet all our performance needs. You wouldn't believe it Will it scale? We're not sure this is the first time we play with this technology. It's never really been tested at this scale so Getting through those questions is where you know, hopefully Rackspace is in a very specific position to help Now the reason that you still have him asking questions asking questions about whether or not it's safe is there also some things out there about the number of Initial open stack deployments on the part of enterprises or large mid-market companies that fail the first time out There's a lot of fear and uncertainty about stability and scalability and complexity and the pace and a new release every six months So there's plenty of fear factor out there that is creating a lot of this kind of angst 70s level angst on the part of our customers and These are the two biggest reasons why there is such angst and when you look at the open stack survey That was just released. These are the themes that really resonate and come home One is complexity the fact that open stack in and of itself is not a product It's a series of awesome features projects code bases Really really really powerful set of tools that can transform your business and really allow you to move at a speed That was not possible before and so that's a very very exciting, but it's not in and of itself a product So what you're looking for is someone who can tell you which pieces are ready for prime time Which ones can be deployed ha which ones sort of meet their primary use case and are ready for broad consumption Which ones have been tested to actually scale in production? Which ones are running in production and for whom these are the kind of questions that a open stack as a service partner can answer for you And the other thing that you need is the talent that can help you put those pieces Into a Millennium Falcon that can do the Kessel run in 14 parsecs 12 thank you. I was just a test Also a force awakens reference, but okay so you also need that team of talent that has configured it deployed it tested it and done so at scales that Probably hopefully exceed what you're going to do for your own business But maybe not and we're happy to talk to you about our capabilities in this space So it occurred to me that when I was hearing all this 70s level angst I'm hearing all of this fear uncertainty in doubt because I hear it a lot when I talk to customers about You know, is it safe? Does it scale? Will it meet my performance requirements? Is it ready for production workloads? Is it can you really deliver this with an SLA? And it occurred to me that a lot of these questions are coming from the perspective of the do-it-yourself model So that leads me to the eye this idea that there are two deployment options that you have with open stack There's do-it-yourself which in the extreme is literally you alone in a room You know, hopefully you have a team around you that is that is going to Rally around you help you learn help you deploy But there's really do-it-yourself by taking the upstream open stack bits and figuring out your own Difference architecture and your own deployment and then there's do-it-yourself with professionals Who will come in and help you build something so you you have companies that will come in and Give you a distribution which is an effort to sort of bring the old school software in a box perspective on trying to product eyes open stack and the software subscription model But that still has a level of do-it-yourself in the sense that those companies will come in and provide professional services Build and design to help you get off the ground with your open stack private cloud But you're still doing it yourself relative to what does it look like to operate it on an ongoing basis? What is it like to patch this environment? What is it like to upgrade this environment? What is it like to optimize this environment? What is my capacity planning toolset look like? How am I monitoring where I am on compute and storage and that I have the resources available to my neutron network as my network traffic continues to grow and grow so Really the message from from rack space is that we feel like we have figured out the superior model for consuming open stack And it's not DIY. It is open stack as a service and when you consume open stack as a service You get a few things one the superior model itself, which gives you a reference architecture a reference deployment a Very specific way of deploying the open stack services the control plane the compute the storage in a way that we've tested that we have rolled out for more than a hundred customers that we know Scales that we can talk to you about how far we've been able to push these technologies and scale these technologies for our customers They can all be delivered in high availability fashion and because we have the experience We've productized it. We've picked the right projects. We've deployed it in a very prescribed way we can deliver a 99.99 Industry-leading uptime SLA, which was the first and still the best uptime SLA for making sure that the APIs are available to your applications when you need them Third reason that it's a superior model open stack as a service is again proven operational expertise We talked about complexity and access to talent first couple nail complexity this middle one is about access to the team that has deployed and Operated open stack at a scale in the industry that is really a factor of many When you consider our public cloud and the the operation and ongoing deployment and optimization of our public cloud Which is running open stack as well as running open stack from everywhere from fortune 5 fortune 100 upper mid-market We for companies large and small and a very diverse set of use cases We have the done match portfolio where we can start with training and professional services But then we move you through into what is really different about us Which is the 7 by 24 by 365 support and the public and private deployments that you can take advantage of and then? Two weeks ago we took open stack everywhere to another level where in the past We've always been able to manage your open stack private cloud anywhere in the world by providing some monitoring and some remote management hooks back to rack space to be able to manage Your cloud for you, but now we've also are delivering this cabinet level solution Where if you know that you have a certain level of scale and you've gone through the proof of concept You've gone through the testing we can now deploy the entire fanatical experience including an OPEX model the capital ownership of all of the Gear and the networking equipment that makes your data center look exactly like a rack space data center so if you have data sovereignty issues if you have security issues if you have compliance issues and you're looking for a managed service provider that can provide Really a hosted open stack solution But in your data center asset that you've already made investments in or in a country where you have data sovereignty issues now We can really provide that anywhere in the world So a few customers this is OSG who is our consulting partner that works with us on Barkley card us and I'm not going to read the quotes to you But in in three key areas that will help you overcome the objections or the 70s era Fear factor that exists around open stack critical performance improved speed of innovation and open stack expertise Again, this is an example of a customer where we are executing this this mission and vision on a daily basis Encompasses a digital media company that encodes digital video and makes it available for its consumers in a very fast and agile way same thing How we perform for them from a critical performance standpoint and improve speed to market standpoint and an open stack expertise standpoint and what we get told over and over again by companies that are Evaluating different ways of deploying open stack distributions Service providers managed service. This is one of our major retail Customers for whom their entire black Friday shopping experience and and all of their e-commerce for all of their brands Multiple brands runs in production on rack space private cloud powered by open stack Saying that we're two to three years ahead of every other open stack provider and distribution But especially when it comes again, this is about operating and being with you throughout your entire journey As a customer as you consume open stack so that you can have the last laugh and Again, this is entirely up to you if you actually do this to your boss Who may or may not have fascist level qualities? but this is what we want you to be able to do is win at the end of the day and have a successful open stack deployment and That is the end of my commercial part of the presentation and let me take a quick pause to get a quick round of applause for Jim trick-or-reco from open exchange come on up Jim Yeah, either way cool, which is your good side both. Okay. Oh, yeah, you're better than me. I don't have one So tell us Jim a little bit about open exchange and your business the business that you're in introduction to your company sure open exchange is Well, we do a lot, but we've been around for a while and we're focused on enterprise collaboration tools So we do large-scale email deployments. We do word processing cloud-based word processing Spreadsheeting we have secure disc storage things like that for our customers to use so we run the gamut we've been around for a while and We were primarily in the year in the EU and recently a couple years ago. We decided to Make that giant leap into the US. Awesome. So when we did that We had a whole new set of challenges because our US customers were much larger than anything. We'd ever done in the EU So that's sort of how we started getting into open stack and and rack space excellent So tell us a little bit about your evaluation of open stack and why your company eventually came around to choosing and Deploying open stack and some of those experiences so far. Sure. So open exchanges is the word open and open exchange actually Matters here because from the top to the bottom of our company. We are extremely open extremely transparent with our customer base And really internally with our employees were we're software agnostic All of our employees use whatever they want to use as long as it gets the job done But we're also very customer-focused. So if a customer says that they have these 35,000 requirements, then we fit those We have we're very focused on retention and things like that. So so A couple years ago when we were mostly a software company We tried to do open stack internally and I'm sure you all probably know how that worked out It didn't work out so hot but we did learn a little bit about it and we learned enough to know that it was a very solid platform and We just needed some help with it So we as we became more of a software as a service company We started looking for more of an infrastructure as a service partner And and that's sort of where we went to rack space because we needed those experts We needed the guys that that knew what they were talking about from from everything from compute to storage to you name it networking and While we could do that internally Our focus was not on that we didn't we don't we don't care to do that That's not our business our business is to adapt our product and our software to our customers So that's why we enter rack space enter open stack open stack gave us the the flexibility to scale expand contract However, we wanted to the networking components were super cool. And now we've got this really World-class data center world-class partner And we're really growing fast because of it. So tell us about the first couple of interactions I mean, there's clear clearly a reason you went for a managed service or open stack as a service Tell us about the the couple of interactions with the type of credible technical talent that has been so powerful so far Yeah, so I'm sure you all can imagine there are there are a lot of challenges that come with Large enterprise scale, you know, big big customers and in terms of email And things like that. So as we ran into those challenges Internally we were like, well, who's gonna handle this who's gonna handle that and it was just super nice to be able to go to Rackspace and say look, we're facing this problem internally, you know, do you any advice for us? And they're like, whoa We don't need to give you advice. We can just do it for you We can we can we can show up and you know, we've been to the castle in in San Antonio, which is really cool We've met with a lot of good people. They've come to us It's really just been a very a lot of synergy for lack of a better word Between Rackspace and us and really with OpenStack as well We've we've really been able to leverage it the way we wanted to because of Rackspace. So awesome. Perfect. Thank you, Jim Another round of applause please for Jim So I want to pivot now quickly. We're gonna talk specifically now about neutron and Scaling neutron and what it means again to be able to partner with a company who has seen just about every challenge in the book And I'm gonna invite on stage Justin Shepard who is a distinguished architect one of four distinguished architects at Rackspace and Really one of the credible voices that? You know customers really really value access to to be able to have conversations like this one So Shep talked to everybody about neutron and what we're doing to scale this particular technology. Thanks, Darren Good afternoon. All right real quick before we get started How many people run neutron based OpenStack clouds in the room quick hand? That's a good amount. All right good. So You haven't you're gonna find out some of the fun things so neutron Software project contains 60 drivers across four different projects and sub projects. You've got your base network drivers You've got firewall drivers load balancers and VPN drivers, but do the math on that I think that comes up to about 30,000 plus combinations So I have to make all of those choices before I even start running anything Lots of fun Now if I throw in scale, I now have to manage and operate those and tune those at scale This becomes all sorts of fun. I want to go back into the marathon man image of you sitting in a room Try typing that into Google and getting help on your permutation of the combination at scale at a hundred thousand nodes So neutron is probably one of the most complex services One of the things that we do see with customers is They run into a lot of pain when they're scaling and so One talk a bit about the pain how to avoid it All right, so the first piece networking is a service. So you're gonna run neutron You're gonna put all SDN in here and you're gonna get some SDN goodness Traditionally enterprises have developed application topologies over years and years and years of running these things, right? So the topology comes together based off of all sorts of stuff it your application design patterns Influence it your security posture influences it a lot of your operational practices influence it a lot of your personal process stuff influences as well Everyone's probably fairly familiar with a normal three-tier application, right? So I've got the land separation between all my three tiers I've got firewalls in place of all three of these tiers controlling access between each one of the tiers I've got load balancers distributing traffic With these whenever you add in new webs or a new app Let's say everyone's kind of familiar with having to go into your ITIL ticketing system and say that you added a new box and submit a ticket to get a change request so that you can open up a port from Web 4 off to this new database server or one of the new app servers And it goes into some queue somewhere where someone has to go and manually click a button and look at an approval and say Yes, I agree that this change should happen and ultimately a lot of times it boils down to Some person has to log into one of these devices and actually start making a change Whenever I start talking about software to find networking it transforms into this So I just have a networking fabric where all of my VMs that are running all of the roles are just tapped into and I still have all the functions. So I've got load balancers. I got firewalls. I've got VPN. I've got routers But the tools change each one of these now are virtual network functions, right? So these are usually stripped down versions of their components If you're familiar with the Cisco router as an example if you start playing around with a neutron router Those two are gonna be wildly different worlds. You don't have an iOS console. You're not able to do V&I's set down on to the infrastructure the same way that you're used to so interacting with these is really a big thing So having said that the the next part of it I would say is everything's really a trade-off here So you have all of these topologies that have built out over years You have these security requirements and trying to do this inside of a software to find networking function can be tasking On the left-hand side or yeah on the right-hand side. You have these big purpose-built devices, right? So you've got huge Cisco Nexus routers or you've got checkpoint firewalls You've got these things that have been designed over years and years and years in tune to run and perform at optimized speeds On the other side of the equation now you have software. So I've got cheap Software versus expensive hardware The point to note here is that the software is still maturing. So it may not actually do all the things that you want it to do a Great example of this trade-off. It's something like a VPN concentrator So a lot of enterprises have got VPN concentrators in the environment So it's a purpose-filled device. It's able of handling and terminating thousands of VPN sessions from concurrent users Tunneling into your environment the hardware is optimized It's got silica that has got hardware acceleration for all the off the offloading of the encryption You're able to centrally manage it Generally, there's a single sign-on aside with this you're able to log in once and get into different parts of your environment We all know that single sign-ons a bit of a lie in most places On the left-hand side if I were to do the software I've got VPN as a service So today the reference implementations for the unists service. I can't say that VPN as a service Are things like open swan open VPN? The important thing is this is just software that's running in the cloud that is terminated at the tenant level It is on-demand for the tenant to be able to spin these up configure them however. They want peer with whatever they want And so now you have lots of interesting challenges. How are you going to do your single sign-on management here? How do you start to manage all of the logging credentials? How do you enforce a lot of your security postures that you have? I mean everyone's got auditors that come in and regularly check their environments if they're fisma or HIPAA or PCI compliant and those auditors kind of know with the hardware piece what questions to ask right if you're running a Checkpoint or a Cisco VPN concentrator or firewall. They know okay. Here's the standard operating procedure that you're using for managing this I can get to the log for auditing data I know how to check and see if you're actually doing all the things that you say you do how you're managing all your change control Whenever I start introducing the software stack all that kind of goes out of the window The auditor is not familiar with any of those tools and now you're talking about things like well I've got open VPN configured a hundred different times inside of my cloud connecting to Lord knows what peers It's not centrally managed. It's completely on demand all of the onus is now on the tenants and that makes auditors cry The second thing that we tend to see is a lot of enterprises will Use new tools in an old-school way All right, so going back to the three tier application, so I've got some SDN now I want to apply it everywhere and there's this interesting thing called floating IPs Floating IPs are really meant to allow you to have a well-known IP for any kind of a role And then it provides you the ability to detach and reattach to any instances across the system So that you're not having to deal with the ephemeralness of the IPs in the infrastructure, right? So it's an abstraction that separates those Today we see this all the time where customers will come in and they will go. Okay. I'm gonna put floating IPs everywhere Obviously, this is better. It's SDN all the things. It must be better well turns out you just added a whole bunch of latency into the system and a whole bunch of Choke points that can cause problems. You have troubleshoot for zero value. You haven't done anything here today Administrators are still logging into every single one of those boxes. They're pushing new code to that box They're upgrading it. They're running a whole bunch of hand scripts. They're patching the operating system You're not moving it anywhere. So I have a detachable resource that's connected to this that does me no good I'm not attaching it. Detaching it. It's there forever So I've introduced a bunch of latency for zero reason Where what you might want to do is take that same stack put a floating IP in front of your web server Or maybe a load bouncer and be a better representation here And then whenever I get ready to deploy new code I deploy new web and app assuming that all your state is kept in the database to hand wave over that piece a little bit And then you can reattach the floating IP over to the right-hand side, right? So now I'm actually using one of these features that is useful to me. I have reattached it. It gave me something I'm okay with any kind of Performance hit that I'm taking because I gained something back The last thing is that staying current matters I Cannot tell you how many times I talked to enterprises where they really are asking for agility Speed transformational service, but they also immediately go into the enterprise software life cycle where they expect to live on the same code For three to five years, right? They're companies out there whose entire value proposition is pay me so I can protect you from all this innovation And I will you know long life software for you. I'll do all this back port By doing that you miss out on a lot of the innovation you miss out on all the bug fixes You miss out on all the vulnerabilities or you're having to pay a hefty tax just to receive that but you still Probably don't get a bunch of the new features and if we're going with all the software We want to be on the newer versions because that's where all of the innovations happening That's where the new features happen. Most the time everyone that has a long life policy will not Backport any kind of features And so all the innovations happening on the new version So upgrading I get to cut all those out. I Can't tell you how many vulnerabilities come through in each release We've seen about two to five but for any given product inside of the open stack big tent Each one of these can have two to five of its own vulnerabilities and half the time you might not even know about it You also might be getting bug fixes that you didn't hit yet So the best thing about running on the newest code is that you have the newest code The best the worst part about running on the newest code is that you have the newest code So it does not come without its own challenges staying current is not easy either There was an example that we ran into Where we had a kilo environment stood up We had hundreds of VMs or thousands of VMs across to hundreds of hosts all up and running We upgraded it to Liberty and because we were checking it scale and we were monitoring it This was a test environment. We were watching the ping times on all these VMs Whenever we did this upgrade all of a sudden the ping times jumped By an order of magnitude So I went from a couple milliseconds to maybe a second or sub just just short of a second turns out that it actually had to do with a feature that was released that does IP tables state management And so we your security groups it does a diff between where you're coming from where you're going to and attempts to just Load just a smallest portion of security groups that get you in compliance There was a bug at scale whenever you're running this a race condition where it actually Wiped out your entire IP table set for your security groups and then re laid them down But it also Commingled with some of the existing rules so got into a really squirrely state now This was because it was running at scale if you were running this on dev stack it worked in dev stack You wouldn't have ever seen this matter of fact it gated without any problem But because we were running this at large scale. We were able to see it so that's one of the last things here is Being able to check all of these things at scale Being able to see them running in large scale and find those race conditions and those bugs where it's not Necessarily a small-scale implementation or specifically you wouldn't find it in a single instance of the code But whenever you're running at scale they do pop up This is part of the reason why we actually founded the open stack innovation center with Intel is to be able to start Finding these problems and be able to run these things at scale be able to test networking environments at scale be able to Gate at scale and be able to find all these issues that only crop up under scale As part of those open stack initiative We have two thousand node clusters that are available for the community to develop on Not to turn it into a pitch, but it is important It is there it is a resource that the community is capable of using you find people You now don't have to necessarily check it on your laptop. You can't actually check it at scale You can put in a reservation request and get access to a large number of machines to be able to run these patches through And there's some work that we're actually doing with the open stack foundation and the open stack Infra teams as well to start putting this in so you should start seeing some of this benefit But I would invite you to join in with the initiative and start bringing test cases to the open stack Innovation center so that we can start finding these things because the best place to find these bugs is the people That are running them and running into it Um lastly for going to Q&A So rack space he's got the rack space cantina I am not the smartest neutron guy in the world. This man may be he literally wrote the book Come on by the open stack cantina. He's doing a book signing tomorrow. I think actually he's doing another session as well So the rack space cantina Please come by Now I will open up for questions and answers. Do you want a question? Yes, sir and and So yeah, I mean for a long time right we ran Nova networking Before neutron we ran Nova networking But since neutron is there it is the thing that has all the integration points and so running something that is not neutron means that you're Gonna have to rewrite a whole bunch of compatible APIs and manage an entire system and furthermore really backport all those changes right now You've wedged yourself in between two projects and you have to proxy either side So neutron starts implementing some new API calls to neutron you have to proxy that neutron starts implementing new APIs You have to kind of do a bunch of work where working on the neutron code base is probably a simpler problem There was another hand Yes, sir. Thank you Evan Lord of the Rings reference marathon man, sir. Yes, sir So one of the things that we actually see with a lot of customers is yeah, thank you Is we tend to actually advise them to take a mixed approach, right? So you actually can run overlay and non overlay and you can do provider networks or VLAN networks and actually propagate those up to The cloud they're not cloudy right so you don't necessarily have programmatic access But there's a lot of use case that can be met by that and it still allows you to tie in a lot of your physical devices That you're used to managing Go ahead So that is an ongoing challenge. Yeah. Yeah, it's not a solve problem by any means We do we see that a lot where actually the developer community is the one that does most of the pure SDN It's a good use case. It makes a lot of sense Auditing for that is depending on your environment. Sometimes dev environments aren't as audited as strictly as production environments Sometimes they are there are some tools out there that start to help this and there is a lot of work going on inside of Some of the logging projects to be able to give the audit ability tracks back to auditors there is without a doubt some sort of Education is going to happen with the auditor community where they have to get used to being able to get an output of IP tables or OBS flows or all these things that are the security mechanisms and be able to understand them and translate them back into the checkboxes That they're used to Yeah, it's very much a hole in the space. It's emerging technologies part of the space and there are Technology providers out there that are looking at providing Virtual network functions for those things that will tap in line for that And then you're able to actually manage it through policy management and set the policy at create time so that you don't have users that can Get themselves into a violated state There are a couple of them out there right now I think you're starting to see them like cloud passage is one that I can just think of off top of my head not to pimp them That is starting to do this and they're starting to put in those functions that have tie-backs to the auditing systems That you're used to of record and being able to integrate towards those And so I think you'll actually see those guys come up a lot in the next couple years, right? Because I mean suffer to find networking has been around for a little while But in the grand scheme of things not very long it is now It's been in cloud mostly and you're starting to see it go back into the data center depends on where you've seen it Sometimes you may have seen it the day sooner first But a lot of those tools have yet to catch up and so now as you get into environments that are security conscious You're gonna have to ask and beat on your vendors of you need to give me these tools I can manage policy management. I can't have some person logging in and clicking a button I have to be able to access it programmatically and you have to vote with your wallets on that If a customer if a vendor won't sell it to you don't buy it from go buy it somewhere else Yes, sir Yeah, so I'm gonna be a jerk the dude two seats behind you that just made a comment a minute ago Is the guy you want to talk to about hairpinning. He's the do that wrote that code. You're welcome Evan Yeah, right there the little white shirt right there holding his hand up So the VX and so on the private cloud open-stack side We actually use straight-up VX land and we implement Linux bridge instead of OBS today That has more to do with history OBS on the one dot series was a little rough operationally There've been giant strides in it and we probably need to reevaluate that but today We actually do it with Linux bridge because it's the same set of tools Everyone understands from a Linux engineer perspective. I mean, it's not re-implementation of all of them So we do that and then it's straight up the excellent Not on our core product today. Yeah But I mean you think look things like open daylight, right? They're actually starting to recognize links bridges a viable option you go to their front page the install instructions aren't for OBS They're for links bridge any other questions time check You want four minutes back. Thank you