Hello, everyone. Welcome to my session. It's about the hybrid cloud. Today, I will share with you the pitfalls when migrating to a hybrid cloud. Welcome to Barcelona. Welcome to this session. I know this session is hard for you guys because it's lunchtime. After my session is finished, you can grab lunch and enjoy the food in Barcelona. Welcome. So let's get started.

First of all, I would like to introduce myself. My name is Xu Quan. I am the technical director at 99 Cloud. I have been heavily involved in the OpenStack community since 2012. I focus on the 99 Cloud product development and the service support areas.

A little bit of introduction about 99 Cloud. 99 Cloud is China's first pure OpenStack startup, since 2012. We have over four years of code contribution since 2012. And we are a global top 10 OpenStack contributor regarding code commits, blueprints, bug fixes, and lines of code. As you see, we also delivered the first COE training in China. We had Mark mention us in the keynote today. And also, very luckily, we became a gold member as of yesterday.

What does 99 Cloud do? 99 Cloud focuses on filling the last-mile gap in OpenStack vertical adoption. We have many customers in the electric power industry and the financial and banking industry, and we help them to adopt OpenStack, resolve their business requirements, and improve their work efficiency. This is an example. We work with the State Grid of China to deliver OpenStack in nine provinces. And we plan to work with them to cover 100 provinces by 2018. So this is a general introduction about me and about 99 Cloud.

Let's come to today's agenda. Today, we are talking about the state of the hybrid cloud and the pitfalls in hybrid cloud. First of all, I will talk about the current state of hybrid cloud. And then I will talk about why we use hybrid cloud, why many companies want to turn to a hybrid cloud strategy. Third, I will talk about the typical hybrid cloud use cases.
And last, but not least, I will show you the pitfall considerations about the hybrid cloud.

The state of hybrid cloud. Today, companies are no longer asking if they should move to the cloud. Today, they are, do you have questions? Raise your hand. OK. If you guys have any questions, just raise your hand, and I will answer the questions. Companies are no longer asking if they should move to cloud. They are asking, how can I leverage the public cloud? How can I migrate to a hybrid cloud strategy or even use OpenStack technology to manage different multiple clouds? Why? Because hybrid cloud can offer a company the best of both public cloud and private cloud. I present some data from some reports and surveys here. You can see from the RightScale reports, about 71% of companies are starting to use hybrid cloud. And from some cloud growth surveys, about 75% of companies are planning for hybrid cloud. So the numbers are telling us hybrid cloud is the next trend of the cloud business or your company's cloud strategy.

Why is hybrid cloud so interesting to different companies? I think there are three important factors here. The first one is speed. As we know, cloud is already accelerating our efficiency or accelerating our speed of deployment. But hybrid cloud can do that even more. Why? Because a private cloud cannot always provide all the resources required by a company in a very short time frame. Especially in businesses such as online gaming or online selling, they have very high peak requirements, such as on Black Friday or Christmas Eve. So by adopting hybrid cloud, we can scale within minutes and provide resources in a very short time frame. And by leveraging hybrid cloud, we can use another cost model. This is buying the base and renting the peak. The third is that by leveraging hybrid cloud, we can also meet some compliance requirements and reach the geography requirements.
For example, in some banking or financial industries, the government requires that data must be stored in three data centers distributed in three different locations. If we are going to use private cloud to fulfill that requirement, that will cost a lot. We have to build different data centers, copy the same infrastructure and architecture into different areas, and build other operation teams to support that. But with hybrid cloud, we can just put the disaster recovery data center in the public cloud by just calling the public cloud API to create a data center in a different geolocation to fulfill the disaster recovery requirement. And also, some compliance requires that data must be restricted to some location. So the location and geography need is also greatly fulfilled by the hybrid cloud.

Let's see some typical hybrid cloud use cases. The first one we can call best cloud allocation. There are a lot of criteria when we choose among different cloud providers, such as performance, cost, security, compliance, co-location, et cetera. We can leverage the hybrid cloud orchestration to put the application in different clouds and to implement the best cloud allocation. The second is lifecycle-based development. Different vertical industries have different requirements on the DevOps environment and the production published environment. So hybrid cloud and public cloud combined together can greatly fit this situation and meet different requirements for them. Third is disaster recovery, which I just mentioned. We can just put the disaster recovery environment in public cloud, which helps us to reduce the cost and accelerate the efficiency. And last is cloud bursting. With hybrid cloud, we can greatly leverage the public cloud's dynamic resources to do the cloud bursting when the business needs it.

So we just mentioned best cloud allocation. Normally, when we choose hybrid cloud, we will look into different requirement filters. Performance: maybe some public clouds do great jobs in GPU computing.
So we can land those kinds of applications in the GPU cloud. And some clouds have met some compliance. So we can put the applications which have security concerns in those clouds. And some clouds have many different data centers. We can put applications in different locations to fulfill those geography requirements. And when the hybrid cloud has the application orchestration capability, it can help us to orchestrate our application across different cloud providers.

Lifecycle-based development. I think normally, people would like to do the DevOps in the private cloud. And then if your business has special needs, you can publish your production environment in public cloud, right? But we have seen there are many situations. For example, the first one: if some development requires a very mature agile development process and CI/CD toolchain, but at this moment your private cloud cannot provide those tools to you, then currently there are many public clouds that provide such kinds of agility tools to help you to build your application. Then you can just temporarily put your dev/test environment in the public cloud. And after you finish your production, you can move the production back to your private cloud or still keep it in the public cloud. Another situation is that when you develop a new application, this application may have a very dynamic status. It will have peak requirements. Then it's better to keep this application in public cloud because the public cloud can fulfill your peak requirements. And when you have a lot of data analysis to know exactly what the status of the application is, then you can move the application back to your private cloud. Just keep the steady status of the application in your private cloud to keep the cost low.

Disaster recovery is a cost-effective way to use private cloud for disaster recovery. And because we don't want the cost of purchasing duplicate infrastructure, which is hardly used.
And because public cloud provides a lot of convenient APIs for us to create those distributed data centers, we can just leverage the public cloud to do it. And what's more, hybrid cloud can help us to orchestrate and move the application from one allocation to another allocation.

Last is about cloud bursting. Many of you may have heard about the hybrid cloud. The typical use case is cloud bursting. We all know we can burst from private cloud to public cloud. But the reality is not so beautiful. If we just have a site-to-site VPN from private cloud to public cloud, there will be a disaster when you do the bursting, because the network bandwidth and other network conditions will be very bad. So when you plan to do cloud bursting, accordingly, you can choose a public cloud provider and use something such as AWS Direct Connect or Ali Cloud Express Connect to help you connect your data center with the public cloud VPC, to get the L2 network connection and enjoy the best quality of the network so that you can have true cloud bursting.

So hybrid cloud is very nice. It can resolve many of our problems and build a nice future. Many of us may hope we can just migrate to hybrid cloud with just a click, right? But the reality is like this. We may fall into the pitfalls accidentally. And you will get into a lot of trouble: manage all the things, manage different cloud APIs, manage different templates, and convert templates or images all the time. So today, I'm going to share with you five pitfalls when you're migrating to hybrid cloud.

Pitfall number one: fail to manage clouds with a single pane of glass. It's very easy to get trapped in the buzzword and rush into the hybrid cloud without doing the proper work first, just like, oh, I want a hybrid cloud. So I get AWS. I get OpenStack. Then I have a hybrid cloud solution. That's wrong.
Because currently, even in OpenStack, there is no project or component that can help to manage multiple OpenStack clouds, or even an OpenStack cloud and other clouds, such as AWS or Ali Cloud. We can call this heterogeneous cloud. So we have different clouds on hand. What can we do with it? Either you find a vendor to help you to build a cloud management platform on top of it, or you work with the community to leverage an existing solution and evolve OpenStack to help you to manage multiple clouds. So we will be blind if we cannot see the cloud between. We cannot see the cloud. You cannot control the things you cannot see. So losing the single-pane control means you'll be blind to the resources in the hybrid cloud.

So the quick way is to leverage a cloud management platform, such as RightScale, Scalr, or FIT2CLOUD, to help you to manage different heterogeneous clouds. These great vendors can help you to manage OpenStack and AWS or other clouds. But if you adopt a vendor's hybrid cloud management solution on top of different clouds, then you'll have to talk with these vendor platforms. They provide their own APIs. So your application has to talk with these APIs. If you are going to leverage OpenStack APIs to manage different OpenStack clouds, there is a long story, because currently the community is still working on this process. The community has many tools and has some filed projects, and some components have some filed blueprints, to help us to resolve the resource management, monitoring, the dashboards, user and role management, image portability, and network topology in the hybrid cloud context. I will show you those things later.

So don't just rush into the hybrid cloud. You have to consider your cloud management platform. What kind of platform do you want to choose: is it vendor-supported, or evolving with the community, or your homegrown solution? We don't like to be blind to the resources of the hybrid cloud, just like the Aya.
So pitfall number two: fail to handle credentials in hybrid cloud. If we have multiple clouds, different clouds have their own authentication systems. We have to keep the different credentials in different systems. First of all, that is not easy work for the user because you have to remember so many accounts, usernames, and passwords. And second, it's very insecure because you have to store your username and password in the cloud management platform, and that is how you use the platform to manage different cloud resources. So it would be better if we have just one single authentication point to manage virtual resources spread over multiple clouds, no matter whether they are OpenStack clouds or other clouds. By doing this, we can remove the need for a user to constantly remember a different password for each cloud, and we can increase the productivity while dealing with those cloud APIs. And we can eliminate the need for a user identity to exist in each cloud.

Luckily, OpenStack has a feature for this. As we know, from the Kilo cycle, OpenStack has Keystone federation. By using Keystone federation, we can implement single sign-on, SSO, to federate different OpenStack clouds together. So we do not need to remember different usernames and passwords in different OpenStack instances. We can just properly configure the federated identity and then use OpenStack Keystone-to-Keystone federation to implement that. Second, if you have to use another cloud such as AWS or Ali Cloud, then it would be better to integrate with their identity services, such as AWS IAM or Ali Cloud RAM. They will help you to create another account, which is not your master account. You will use those accounts to talk with the specific resources.

So let's see how the federated identity works. Federated identity is a mechanism to establish trust between the identity providers and service providers.
In these cases, both the identity provider and the service provider are provided by OpenStack. It supports several protocols, such as SAML assertion, OpenID, and OAuth. You can configure those protocols according to your need. And the service provider will provide the user with resources to use, such as volumes, images, and instances. And the user will request to use resources from the service provider. And the service provider will use, for example, a SAML assertion to ask the identity provider to authorize an authentication for those users. After they pass this authentication, the user can actually use the resources of the service provider. So each Keystone can be a service provider or an identity provider. When we configure those two roles for one Keystone, we can implement Keystone-to-Keystone federation to actually federate different OpenStack clouds together. Then you can use one account to access different clouds and enjoy the resources in different OpenStack clouds.

Pitfall number three: fail to automate network configuration across clouds. I think that is the biggest problem when we consider a hybrid cloud strategy. Because across clouds, we have to use just one command or one button click to create a network which can put all the clouds in an L2 or L3 networking connection. And we can have all the tenant VMs, regardless of whether these VMs are in cloud number one or cloud B, all connected. And what's more, we want the security group also enabled across different clouds, and even the quota control, the ports, et cetera. So currently, that is the fundamental problem for the hybrid cloud solution, and also in the NFV area.

So the OpenStack community currently has two projects working on this, hoping to resolve those problems. The first one is Tacker. This one is an official OpenStack project for NFV orchestration. And VNF management, using standards-based architectures, is part of the VNF placement on a specific target OpenStack VIM. It comes from an architecture called the ETSI MANO framework.
It refers to this framework to build the NFV orchestration and management system, hoping to manage the network automation in different OpenStack instances. In Tacker, we call it a VIM. And another project is Tricircle. It split the project into two parts. And Tricircle focuses on the networking automation across Neutron, and is used in multi-region OpenStack or multiple OpenStack instances. And you can just use the Neutron commands, use the Neutron way, to control the network and automate the network in this Tricircle project.

And so what's Tacker? This framework, as I just mentioned, is the ETSI MANO architecture framework. It is a standard framework telling people how to do NFV orchestration and management. And in the rectangle on the right-hand side, you can see what the NFV MANO framework means. And this part is the Tacker scope. And the virtual infrastructure management is abstracted as OpenStack. In the OpenStack context, that is OpenStack. But if you put this MANO architecture in a broader area, you can regard this part as AWS or another cloud. It will help us to provision the compute resources, storage resources, and network resources to virtualize the network functions. And Tacker will help us to orchestrate and manage the lifecycle of all these virtual network functions to implement the network connectivity between different clouds.

So this is the Tacker architecture in general, as you can see. It consists of two parts: NFVO, the orchestrator, and VNFM, the lifecycle management. And at the bottom, it will manage different VIMs, which is the OpenStack instance side, or even multiple or other heterogeneous clouds. From the latest roadmap, we can see that beyond Newton, the Tacker team plans to implement multiple VIM support, including VMware and AWS. We are looking to this project to help us to resolve the network automation problem in the hybrid cloud context.
So after finishing this grouping, we can just use OpenStack to manage different clouds, such as OpenStack, AWS, and VMware cloud, and use Tacker to automate the network orchestration, have lifecycle management, connect all the networks within different clouds, and implement the tenant management, tenant network management, security, and other network functions. So Tacker provides another concept of how to implement the network automation in different clouds.

Let's check how Tricircle does the network automation. It will leverage the Neutron plug-in. In the Tricircle center, it will have a central Neutron plug-in. And in different cloud regions, it will have its local Neutron plug-in. And when we have a network creation event, it will go through the plug-in and pass to different clouds, and the local Neutron plug-in will help us to build a network and put all the network connections together.

And pitfall number four: fail to orchestrate applications across clouds. If we have the network connections automatically connected together in different clouds, the second thing is we would like to build applications. Those applications can just meet the requirement I just mentioned, the best cloud allocation. We would like to put one part of the application, for example, in AWS, and another part maybe in private cloud, in OpenStack. In OpenStack, we have a project called Murano. It introduces an application catalog to OpenStack, which will help us to orchestrate the application and help the developer to publish their cloud-ready applications. But currently, Murano cannot help us to orchestrate the application across clouds or deploy it in different clouds. Currently, Murano can only do multi-region deployment. We can see some people will draft some blueprints to extend the Murano capability to deploy the application across different clouds. But I think this will wait for the evolution of Murano.
Because currently, this feature is not in the priority list of the Murano team. We will see how Murano grows and supports hybrid cloud applications in the future. And if you are going to use Murano, another option is that you can use the Cloudify plugin. I have looked at Cloudify. They provide another plugin which can work with Murano to orchestrate the Murano application in different clouds by using the TOSCA template directly. So this may be another option, to leverage Cloudify and Murano together.

Pitfall number five: loss of control and protection when migrating to hybrid cloud. So if you are going to build an application, the network is ready. The next thing you are going to consider is: am I safe if I put my application in hybrid cloud? It is safe, maybe, in your private cloud, because your private cloud is much safer and more secure; you have an isolated network, you have a firewall. But is it safe, or do you still have data protection or encryption all the time, in the public cloud? And when you put the data or application in the public cloud, does the public cloud provider still meet all the compliance requirements? That's very important. As we see here, there is a lot of compliance in the different industries. If you are going to migrate your application and you are in a very security-concerned industry, then you had better look at what kind of compliance the public cloud provider meets. Then you can have confidence to move your application back, to migrate your application to the hybrid cloud. So I'm not going to go through all the compliance; it's for your reference.

So what's the solution for this? You have to check the public cloud provider's compliance, whether they meet all the requirements. That's the first. And you have to wait if some public cloud provider does not meet the compliance; you cannot do too much about this.
But what you can do is combine all the monitoring and log analysis in your private cloud, visualize them, and have your private cloud meet all the compliance. That's very important. And you can also provide all the logs and reports to satisfy the regulators. And the second part is very important. You have to know exactly what kind of security issues the current OpenStack has. You have to know what kind of security issues this version has, what kind of design issues, what kind of issues are just there by default. You have to find a way to work around them and meet all the compliance.

Fortunately, OpenStack has a security project to help you to understand clearly the current OpenStack security issues. You can check the website here, security.openstack.org. And you will see that OpenStack has different kinds of security issues. One is called the OSSA. It is created to deal with the security issues in OpenStack which are fixed and available. You can get the patch and put it in your cloud if your version is older. And the second is the OSSN. This is a note for your information. This is typically some design issue or deployment issue or configuration issue. You would like to know about this issue and find a solution for it or mitigate it.

So I think that's all for the pitfall sharing. It will help you to know all the pitfalls, and you can avoid jumping into these pitfalls and have a great journey on the way to the hybrid cloud. Thank you.
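
Added example, not part of the talk and not Keystone's own code: a simplified Python model of the mapping rules a service-provider Keystone applies to the attributes of a Keystone-to-Keystone SAML assertion, showing that a rule matching only on `openstack_user` grants a local group to every user of the trusted cloud, while a rule scoped with `any_one_of` and `not_any_of` does not. The group, user and project names are constructed, and only the `type`, `any_one_of` and `not_any_of` rule keys are modelled.

```python
# Simplified model of Keystone-style federation mapping rules (assumption:
# only "type", "any_one_of" and "not_any_of" are handled; not Keystone's code).

def remote_matches(remote, assertion):
    """Return the direct-mapped values if every remote requirement holds, else None."""
    direct = []
    for req in remote:
        values = assertion.get(req["type"], [])
        if not values:
            return None                       # required attribute is absent
        if "any_one_of" in req:
            if not set(values) & set(req["any_one_of"]):
                return None
        elif "not_any_of" in req:
            if set(values) & set(req["not_any_of"]):
                return None
        else:
            direct.append(values[0])          # referenced as {0}, {1}, ... in "local"
    return direct


def map_identity(mapping, assertion):
    """Return {"user": ..., "groups": [...]} for the matching rules, or None."""
    user, groups, matched = None, [], False
    for rule in mapping["rules"]:
        direct = remote_matches(rule["remote"], assertion)
        if direct is None:
            continue
        matched = True
        for item in rule["local"]:
            if "user" in item:
                user = item["user"]["name"].format(*direct)
            if "group" in item:
                groups.append(item["group"]["name"])
    return {"user": user, "groups": groups} if matched else None


def users_granted(mapping, assertions, group):
    """List the federated users that the mapping places in `group`."""
    results = (map_identity(mapping, a) for a in assertions)
    return [r["user"] for r in results if r and group in r["groups"]]


# Constructed local side: map the asserted user name and add one local group.
LOCAL = [{"user": {"name": "{0}"}}, {"group": {"name": "federated_ops"}}]

# Broad rule: any user asserted by the trusted identity provider gets the group.
BROAD = {"rules": [{"local": LOCAL, "remote": [{"type": "openstack_user"}]}]}

# Scoped rule: the user must also come from the "ops" project and not hold "admin".
SCOPED = {"rules": [{"local": LOCAL, "remote": [
    {"type": "openstack_user"},
    {"type": "openstack_project", "any_one_of": ["ops"]},
    {"type": "openstack_roles", "not_any_of": ["admin"]},
]}]}

# Constructed assertion attributes, as the service provider would receive them.
ASSERTIONS = [
    {"openstack_user": ["alice"], "openstack_project": ["ops"], "openstack_roles": ["member"]},
    {"openstack_user": ["bob"], "openstack_project": ["sandbox"], "openstack_roles": ["member"]},
    {"openstack_user": ["carol"], "openstack_project": ["ops"], "openstack_roles": ["admin"]},
]

if __name__ == "__main__":
    print("broad :", users_granted(BROAD, ASSERTIONS, "federated_ops"))
    print("scoped:", users_granted(SCOPED, ASSERTIONS, "federated_ops"))
```

Running the same comparison over a deployment's real mapping before enabling a trusted identity provider shows which remote users would land in which local groups.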