 50 billion devices connected by 2030. 180 zettabytes created by 2025. More than 7,700 satellites currently in Earth's orbit. What can we do? We build open source software to solve infrastructure problems. We create diverse, inclusive, sustainable communities. We meet locally, regionally, globally. We collaborate without boundaries. We're open-infra. Thousands of deployments across every industry. More than 10,000 individual contributors with 650,000 changes across 65 countries. 700 supporting organizations. 110,000 individuals across 187 countries. With one mission. Build the next decade of open infrastructure. 22nd Summit. We've brought the summit all over the world. So from Austin to Paris to Tokyo to Sydney to San Diego, Vancouver, Shanghai. And it's always been a pleasure for me to meet you all at all of those events around the world. To see so attend so many interesting talks. To have so many interesting discussions. And just collaborate to make the software better. Like Allison said, about half of the audience. For about half of the audience. It's your first open-infra summit. And so you may not know that this is our third time in Vancouver. We had a summit in Vancouver in 2015. And back then it was still called the open stack summit. And since then we have expanded our mission. And we have renamed the summit to open-infra summit. We have renamed the foundation to open-infra foundation. Open-infra is short for open infrastructure. So what do we mean by open infrastructure? Well, let's break it down. First, let's look at open. Open means open source, first and foremost. But beyond the licensing, it also means openly developed, openly designed and openly governed. And those four open principles are essential to creating healthy, sustainable communities. Which is key to producing long-lasting infrastructure software. Next is the word infrastructure. With our experience in open stack, we realized two things. That it was serving a new population of operators of infrastructure that are interested in using open source solutions for providing infrastructure. It's really a new role that we are seeing emerging within organizations, within companies. And the second thing we realized is that this new population was interested in more than just open stack. In practice, open infrastructure sits between hardware and application servers. For everyone to build and innovate on top of. This is a space that benefits a lot from commoditization and standardization. It's a space where we can openly collaborate on common solutions because there is a way to monetize and differentiate on top. And in reality, if you look at history, it's a relatively new idea. Back when we started this in 2010, open source was not the dominant force it is today. On the infrastructure side, there was basically one big proprietary player in the private infrastructure space. There was one big provider relying on a proprietary stack of services in the public space. And with that, you can imagine all the side effects like monopolies, high prices, vendor locking, limited customization, etc. And we started our journey back in 2010 to create a better option. We wanted to build open source solutions for providing infrastructure and make those key technologies available to everyone. Our idea was to build something for anyone to do anything to use anywhere. We wanted to make sure that anyone could have access to those technologies. We wanted to make sure that they could use them to do anything without asking for permission. And that those solutions would be available anywhere to help distribute the future more evenly. And we started doing just that. We created OpenStack, which was the first open source cloud software with a universal focus being usable by anyone to do anything. But what OpenStack really created is a space to discuss open infrastructure. And this gave other projects like Ceph, like OpenV-Switch, like KVM a space to be discussed, to be integrated, to be exposed to the world. And they were soon joined by other projects. Kubernetes was created really with the same principles in mind. And we got Kata containers and Zool and StarlinkX and all of those other projects. They're all targeted to the same audience. Infrastructure providers interested in using, developing, deploying open source solutions for providing infrastructure. It could be with the goal of building a completely open source stack, but it's also with the goal of just using one open source piece in other words, otherwise proprietary stack. And this week at the OpenInfra Summit, like Allison said, we'll have all those communities getting together. OpenInfra projects, but also Kubernetes, Alma Linux, Rocky Linux, CentOS, Ceph. And Ceph will actually have their Ceph days here on Thursday. So please be sure to check out Room 18 and talk to the Ceph community more directly. All those communities share our goal to produce infrastructure software for anyone to do anything to use anywhere. So where are we today? I would say we have succeeded. Today, anyone is everyone. Anything is everything and anywhere is everywhere. And I'll spend the rest of this keynote to actually explain what I mean by that. So first, anyone is everyone. This really talks to how we set out to reach potentially anyone and we succeeded and we ended up reaching out to a lot of people and being used on a lot of computers. We started with 150 community members back at the inaugural Austin OpenStack Design Summit and today we have more than 110,000 community members all around the world. We started with a couple of organizations, Rackspace and NASA, and now we have more than 700 organizations involved in OpenInfra. Looking at OpenStack more specifically, OpenStack usage, our latest user survey reports more than 40 million CPU cores of computing power being driven directly by OpenStack. That's not only a huge number, it's also growing faster than ever. If we look at the contributor side, we went from dozens of contributors to thousands of contributors and Kendall will spend more time explaining these charts which were generated from the VTRJ dashboard that will be announcing later. Anything is everything. This talks to how we set out to build tools to allow permissionless innovation that could be used for any use case. And we succeeded and those tools ended up being used for everything. We started with two use cases, Rackspace with the public cloud and NASA with the research cloud. And today OpenStack and OpenInfra software is used in gaming, in finance, in insurance, in telcos, all of those areas and verticals of use cases that we were not designed specifically for doing it originally. Looking at Cata containers, more specifically, Cata containers is securing container workloads at end group powering the largest payment processor in the world, Alipay, processing more than 100 million payments per day and being used by over a billion users. Cata containers also available on Microsoft Azure Kubernetes Service powering confidential computing features there which is really used because it's the first hyperscale cloud to come out and say publicly that they are using Cata containers to secure their container workloads. And we'll talk more about that today during the keynotes. OpenInfra has become so ubiquitous, you can actually spend your whole day powered by OpenInfra software. You can start the day playing some game powered by Blizzard and OpenStack. You can take out in your Volvo and if you don't crash, your Volvo is probably because Zool has helped testing the software that runs it. You can pay with Alipay some something, your coffee at the coffee shop and that's powered by Cata containers and you can check out your friends using Verizon powered by StarlinkX. So today, OpenInfra covers really everything which really brings the question, where does OpenInfra go tomorrow? There is clearly more space to explore between hardware and application servers. For example, software to integrate new hardware features. We could have more open source components used in proprietary public cloud stacks. We can go beyond addressing the everything of today and addressing the everything of tomorrow. We're really seeing new use cases that drive new requirements on infrastructure and we need to meet those. In security and privacy, in artificial intelligence, in environmental sustainability, in more hardware integration. And throughout the rest of those keynotes, we'll go into a lot more details around distributed computing, confidential computing and AI. Finally, anywhere is everywhere. This really talks to how we wanted to collaborate without boundaries and give access to those technologies anywhere and not just in a very few countries around the world that can actually afford it. And we succeeded and our community is now truly global. We are in over 182 countries and that kind of reach is not possible without the passion and the coordination from individuals who rally their local communities together. To talk more about that, welcome on stage Helena Spees, who will talk more about it. Thank you, Thierry. It's great to be here this week at the Open Infra Summit. As Thierry mentioned earlier, the infrastructure world used to be entirely proprietary, but the Open Infra Foundation revolutionized that. And where the Open Infra community especially shines is exactly in that, the community. So I would like you to join me in welcoming on the stage our community organizers around the globe. And these people are the heart and soul of the Open Infra community. They provide means for collaboration regionally through meetups, Open Infra days, and more. Within these 50 communities around the world, there's an organizer for each of those and often a coalition of co-organizers behind them. So that's so many organizers. They, yeah, heart and soul of the community. And in addition to that, we often have people here in the audience too who provide means for venue space, sponsorships, speaking opportunities, and more, and provide these meetups at Open Infra days. So I'm going to hand it over to the heart and soul of the community to introduce themselves. Hello, everyone. So my name is Li Haoyang, organizers from Shanghai. Hello, I'm Adrian Kunin. I'm one of the organizers for the user groups in France for the cities of Paris and Rennes. Hi, I'm Niets Magnus. I'm based in Berlin, Germany, in Europe. Jonathan Race, based out of Augusta, Georgia, United States. Robert Holling, located in Lingon, Germany. Alan Cantrell, based out of Augusta, Georgia, United States. Hi, I'm Riko Ling, based in New Taipei City, Taiwan. Hi, my name is Akhiro Hasegawa, from Tokyo, Japan. Hi, I'm Saash Kosh, and I'm representing Los Angeles, California, United States. Hello, my number is Alvaro Soto. I'm from Mexico City. Hello, I'm Sangsu, from OpenStack Korea User Group. Thank you. Hi, my name is Jeff Jui Kim, a community organizer in Korea. Thank you. Charles Pike, Kentucky. Christian Ishevsky, Raleigh, North Carolina. I'm from South Korea. Bangkok, Thailand. Andy Bodding, based in Melbourne, Australia. I'm Kenneth Tan. I'm in Frankfurt, Germany. One more big round of applause for these folks. Thank you for all your hard work. So, if you want to hear more about the community and meet these folks in person, up close, you can meet them tomorrow at 4.30, or 4.00 p.m. Alvaro Soto will be giving me a talk about the challenges of open source in Latin America. Directly following that, we will have the Marketplace Mixer. We're not only, can you mingle with our sponsors, but you can also meet our organizers and talk about how you can collaborate regionally with them. Thank you. Thanks to all the open-infra-day organizers. They're really the local relays for our community in all of those local areas. So, it's really a very important part of open-infra-day events, but also their contributions, usage, and even foundation membership. So, open-source and more specifically open-infra is truly global. But, we are not guaranteed it will stay that way. We are not guaranteed another decade of collaboration without boundaries. Today, everywhere is at risk. We could see from the difficulties that a lot of you had to get out of the crisis, that boundaries are strong really. There are more and more geopolitical tensions, more and more ill-informed regulations that have the potential to destroy open-source and open collaboration the way we know it. For example, the Cyber Resilience Act in Europe, which does not take into account the specificity of open-source in the regulation, which may have chilling effects on the development. If we want to have another decade of open-source, another decade of open innovation without boundaries, we need to take action. This is something we've been thinking about for a long time. Today, we're ready to take action. Today, we're announcing Open Infra Europe and Open Infra Asia, two regional hubs of the Open Infra Foundation. We really reached critical mass of activity in Europe and Asia, and it's very important for us to be able to aggregate regional voices on how to best respond to regional challenges, but also just generally strengthen the regional ecosystems and help coordinate local communities. In Europe, we need to place Open Infra front and center in the digital sovereignty debate and also address more directly EU-proposed legislation. And our members, based in Europe, Ericsson and all the others, have answered to our call. In Asia, we have exceptionally strong local communities and markets that we need to enable at the regional level. And our members in Asia, including Ngroup and Huawei, have rallied around this objective. If you want to become a participant in either of those organizations, please go to those websites, so that the members of the Open Infra Foundation can get to participate in those regional hubs at the same level as their membership at no additional cost. We're excited to see how those new regional hubs help coordinate the community regionally and tackle those crucial challenges ahead of us. And see how they help us ensure that Open Infra continues to be used by everyone, for everything and everywhere. Thank you. That was great. Exciting announcement. We're really excited about these regional hubs. So, one of the things that he mentioned quickly with the Batergia graphs is the growth and contributor contributions. We have some sessions here that if you are a contributor, which I know a lot of you in this room are, you should definitely check out. The first one is tomorrow at 11.40. It's a forum session that's discussing a new community blueprint initiative. And the second one is on Thursday, also at 11.40, which is a panel about balancing if you're an individual contributor, balancing organizational needs with upstream contributions, both very interesting topics that you should check out. So, up next, we're going to move on to something called Loki, which don't want to spoil, but Linux, OpenStack, Kubernetes infrastructure. Ildiko Fonska. Because my fellow speakers and I would like to take you to a little technology journey. And, as Wes mentioned, that will be all about Loki, and I will just repeat, Linux OpenStack, Kubernetes infrastructure. So, who in the audience have heard of Loki before? All right, we got a few hands. So, let's start our trip where it all began. So, this diagram is probably resembling memories for some of you and for others. It looks a little bit more like a history lesson. I will not turn it into one. But, for example, I was only seven years old when the initial release of the Linux kernel came out in 1991. And, it take much, it took a lot of time until I learned and realized how historical moment that was for open source and open source infrastructure. So, 19 years later, we had a lot of servers in big warehouses that we called data centers that were running Linux. And, what was revolutionary about that is we started to treat these big data centers like if they were one big machine. So, if you will, the data center became the new mainframe. And, that mainframe needed an operating system. And, in the open source space, that operating system is now OpenStack. And, what really enabled OpenStack was the success of Linux. Linux has an operating system and Linux as an open source project or despite of being an open source project, I will leave it up to you to choose which one you go with. And, if you look at the timeline a little bit closer, you will see how open source and the success of open source and open source infrastructure accelerated because from there, from 2020 when OpenStack was created, it only took four more years to the announcement of Kubernetes. And, by today, these three infrastructure components became key and they are frequently used together. And, now, we are just conveniently calling them the low-key stack. And, for many of us, nerds, this is already super exciting. But, in reality, there is no technology if nobody is using it. So, when it comes to low-key, low-key currently is powering critical functions around the globe. So, a couple of examples because there is no keynote without CERN. CERN is using low-key to process massive amounts of data that is coming from their experiments to discover, prove, or break the laws of physics. China Telecom is using low-key through tens of millions of users just in China and even more customers globally. Bloomberg. Bloomberg is using low-key to give all of you information because, let's be honest, we are all really hungry for information these days. So, Bloomberg is supplying you financial data, news, and really all the information you could possibly want. So, these organizations are very different, they still have a lot in common. Super User Awards. CERN was the first winner and Bloomberg and China Telecom are both nominees this year and, I will not tell you who the winner is, you will have to wait a little bit longer for that. What else do these organizations share? They all run infrastructure on a massive scale. CERN's OpenStack-powered cloud is over 300,000 cores and they are using OpenStack Magnum clusters. China Telecom, they are running low-key in over 700 data centers. Bloomberg, their OpenStack cloud is over 400,000 cores and they are running hundreds of Kubernetes clusters, both Bermeddo and virtual. So, you might think that this is where this all ends, but that is not exactly true. So, let's go back to technology evolution a little bit. We started with single computers, we put them in data centers, we created software to harness the power of those massive large amounts of resources and we did all that just to break out of the walls of those data centers, take the cloud computing concept and computational power and, well, deploy it everywhere. This is what we are trying to do, but when we are arriving to this modern infrastructure, we have to realize how complex that is and we also unfortunately have to realize that complexity is not going anywhere. However, there is good news in this because there is a solution which is automation and if you think that I will send you back to the drawing table, that's not true because the project that delivers you this automation already exists and it's called Starling X. Starling X took the low key components and it flew with them and Starling X as an open source cloud platform doesn't just provide you with the components of the low key components, but it also adds those missing pieces that allows you to take low key outside of the walls of data centers and deploy and manage them as geographically distributed systems on a smaller scale or a large scale, it is all your choice. We announced the project five years and exactly one month ago here in Vancouver and today as the next part of our journey, we will dive into the why, what, and how of Starling X and for that I would like to invite Jeff Gowan to the stage. Hey everybody. So we are in Vancouver so I thought I would start my talk in the most Canadian way I could think of which is I'm sorry. VMs have been around for decades, but it was in 2010 and I'm sorry if we're going to get in and date you with timelines, you've seen them a couple of times already, but in 2010 that's when OpenStack came along with the mission statement and I'm going to read it out loud to produce the ubiquitous open source cloud computing platform that will meet the needs of public and private clouds regardless of size by being simple to implement and massively scalable. So based on what we heard from Teri, I'd say mission accomplished, right? OpenStack provides the infrastructure needed to deploy VMs at scale and OpenStack has helped us to realize what would have been considered science fiction 10 to 15 years ago by providing the infrastructure to support the internet and modern networks as we know them. But human nature is to evolve and the goal line has moved. So now the expectation is for things like self-driving cars always on connectivity everywhere, smart cities and the list goes on. Thankfully in 2014 a long came Kubernetes. So Kubernetes is designed for distributed systems and just like OpenStack provide the infrastructure for virtual machines at scale Starling X provides the infrastructure for Kubernetes at scale in a distributed system. So why am I telling you this? Because at some point you're likely going to be asked to deploy, manage, operate applications in a distributed network. And when that happens there's a few things that you might want to have available. So you might want to have a geographically distributed solution spanning thousands of systems. You may want to have support for containers and virtual machines out of the box. You may want to have high performance in terms of latency and uptime. Easy automated deployment, that sounds like a no-brainer, right? And operational ease of use features like centralized management operations. What's happening is applications are being pushed closer to the user and they need infrastructure that can support them where the compute and where the data are. So suddenly the modern data center starts to look a little different, right? A new data center might actually have wheels. It might have wings, as in the case of a car or a jet fighter. As one of my colleagues recently said to me there is no center in data center. Now that sounds like a line out of a matrix movie but it's true. If it is, what do you do? The good news is you don't have to figure out distributed systems by yourself. Starling X has already solved many of the challenges of a distributed system and is adaptable to so many more. If only we were running the slides. My name is Jeff Gowen and I'm the marketing director at Wind River. I'm also an active contributor to the Starling X marketing team. I'm joined by several community members. One of them with these shirts who would love to get into the technical weeds of Starling X with you over the next two days. Wind River is a contributor and we are a believer in Starling X. So Ildico just talked about Loki a little bit. So what if you could get Loki with all the pieces assembled and field proven? Well, that's what Starling X is. It is Loki distributed cloud infrastructure and it's running in some of the most demanding environments today and it's available to many, many, many more. And also, as she mentioned, we are celebrating Starling X's five-year anniversary. So five years ago here in Vancouver we launched the project and I was actually with the project from Inception and it is definitely not the same software as it was five years ago. Today, Starling X provides the edge infrastructure for Verizon's 5G network in North America and I'm going to talk about that more in a little bit because it's a great example of how the project is getting pushed and how the devices evolve. So must Starling X because if we're only thinking from a data center perspective we will literally be boxed in and we will be unable to meet the emerging needs of the edge. Next generation use cases need next generation infrastructure. So what I'd like to do is just give you a little bit of food for thought in the immediate, near and longer term future about deploying applications in a distributed environment. So maybe you're responsible for managing and operating enterprise multiple enterprise sites each with their own data center. So rather than thinking of them as separate standalone entities what if you could manage them all centrally? One idea is to think of them as clouds and sub-clouds rather than separate standalone entities. Each of those sites, of course has its own needs in terms of software installs, updates, version control, availability, the list goes on. But if you think of those sites as a collective it gives you more options on how to implement those needs. So for example, how do you keep each site up to date and synchronized on the same version while not disrupting service? What about security updates? How do you orchestrate the updates of all the applications needed? These are the types of things that Starling X does. So if you think Starling X might be able to help you with the enterprise sites come talk to us. So the next example is once you've implemented your distributed system then how do you scale? So for the last two and a half years Verizon has relied on Wind River Studio which is commercially supported Starling X for their 5G network. And with 10,000 sites and growing they're all about scale. And I'll give you a little secret. Distributed networks are really complex. So this is why in addition to some of the core features of Starling X that include single pane of glass and zero touch automated management this year the key area of focus is around operations at scale and there's a number of features in version 8 which was just released. I'm not going to go through the whole list because unfortunately I don't have time but if you're interested in some of the latest releases of Starling X and operations at scale of distributed systems come talk to us. So the third example as we think to modern use cases and use cases of the future we're going to start to really see how today's technology just isn't going to cut it. The simple fact is distributed is different from the data center and a data center alone isn't going to be enough to support use cases like a mobile distributed cloud. So what might that be? That might be a fleet of automobiles that are operating as an autonomous taxi network. It could be a fleet of drones that are being used to distribute medicine into remote environments or to packages to your home. Or it could be traffic control in a smart city that requires V to X connectivity smart city integration 5G connectivity and a myriad of sensors and applications that all need to be managed real time at the edge. Whatever the use case is having a distributed having a distributed cloud technology will enable certain things you're going to want for those use cases. Things like predictive maintenance things like remote monitoring or fleets in your assets mobile application deployment and data analytics to improve your operations. So I just walked through some examples of existing and potential use cases and what they all have in common is a distributed cloud hierarchy that can be thought of as clouds and sub clouds separated by cloud geography. Now honestly, we're just getting started but Starling X has a serious head start. Telecom operators, they've been building out their network for connectivity for years and other industries like automotive are starting to catch up on their own digitization journey and what's happening is this convergence of initiatives is opening the door for Starling X to be able to play a role in outside of telco. If you think of it this way, telco has been hardening Starling X all over the world. So on the topic of telco excuse me, one area that is super hot in telco and very important is energy efficiency. And one way that Starling X is addressing that is through extreme efficiency. So one example of that is the fact that we can now run on a single core of the Intel fourth generation Xeon processors. Some of you might know that is Sapphire Rapids. Why this is a big deal is because by being able to run a single core, that means you can run other applications with the existing cores and that could potentially reduce the number of servers that you need per site which will then in turn, of course, reduce the amount of power that's needed for those sites. Now that may not be a big deal for a single site, but when you multiply that across thousands of sites it suddenly becomes a big deal because you just don't have the same economies of scale with the single data sites as you do with a huge data center. So we have a demonstration of Sapphire Rapids and Starling X in the Starling X booth. Come take a look at that. Another example is ARM. So ARM recently joined the Starling X community and there is a POC of Starling X running on ARM in the Starling X booth. There's also a session tomorrow called Power Efficiency in VRan and OpenRan where we'll get into the details of that POC. So I'm going to wrap it up by just highlighting a few things. Number one, the world is evolving quickly. Number two, legacy technology is awesome at what it does but it can only do so much. If you think of the networks of the future there's only a portion of it that's going to be within the four walls of a data center and there's going to be an increasing portion of it that can be pretty much anywhere you can think of. And number three we need to think out of the data center box because if we assume that distributed edge is the same as the data center, data center will miss. We will miss on delivering both care for remote areas. We will miss on smart coordinated city planning and I hate to say it, we will miss on drone delivery of cold beer and pizza. However, sorry before I get to that the reason why is because the edge won't be secure, it won't be manageable, it won't be reliable and all the things that are going to be required for us to have the confidence to both provide and consume those services but if we think distributed then all of a sudden we're thinking about new commerce models, new innovation models, actual evolution because we have the actual infrastructure to support it. Again, next generation use cases need next generation infrastructure and this is why Starling X wants your contribution. What do you want to build? What applications do you need to support? If you think Starling X could potentially be used for you, we invite you to come talk to us, come grab us and talk to us about Starling X and how it could potentially help with your use case. If you do a search for Starling X and the agenda, you'll see a bunch of sessions. There's the energy session that I mentioned that's happening tomorrow and I wanted to call out one session in particular on Thursday which is the hands-on session. If you want to roll up your sleeves and get into the technology, join us Thursday morning and you'll get the opportunity to talk to us about Starling X. So with that, I would say thank you very much. Thank you, Jeff. This was very exciting. I always get the chills when I learn more about the capabilities of Starling X, the use cases that it supports today and also the use cases that it will enable tomorrow and further out in the future. And Jeff already mentioned a couple of sessions, conference sessions that you can find on the schedule to give a reminder that Starling X is not just a software piece, it is also an open-source community. So please not just go to those sessions, but also keep the project teams gathering in mind where Starling X has a session tomorrow afternoon starting at 2.30pm and go and mingle with the contributors of the project, ask them about how it works and ask them about how you can get involved. Go to the hands-on workshop and we also have a forum session tomorrow afternoon. I think it is at 2.00pm. So go and find the people who are working on that platform and have a conversation with them. And now, with all that, we sadly arrived to the last part of our journey. But I already told you to buckle up. So this is now when you will be holding onto your seats because we are taking a magnifying glass and we are taking an even closer look at the open stack and Kubernetes parts of it and how they are working together, not just as projects, but also as communities. And our next speakers will not only just speak, but also show you all that as part of a live demo. So please welcome on stage Kendall, Matt and Guilherme. I'm a principal software engineer at Red Hat. Hi, I'm Guilherme. I'm an engineer at Wexhost. And I'm Kendall Nelson, a senior upstream developer advocate at the Open Infra Foundation. So Guilherme here is going to dive right into this demo so that we can make sure it completes in our 8-minute segment. So basically, Matt and I are going to introduce the topic, Loki, which you may have heard of by now. But Guilherme over here is going to do an upgrade of a Kubernetes cluster running on top of OpenStack. And he will also be spinning up a new cluster on top of OpenStack. So, we've heard about this Loki thing now, hopefully. So, this comes from the OpenStack user surveys that we've been seeing over the last couple of years. There is a preference and a pattern for using OpenSource for the whole infrastructure stack, specifically using Linux, OpenStack and Kubernetes together to provide your infrastructure. These three projects together provide a fully OpenSource stack from top to bottom. So, quick show of hands. Who here is already running Kubernetes on OpenStack? That's quite a few. Quite a few. But I'd like to take a minute to talk to those of you who didn't raise your hands. There are lots of reasons to run Kubernetes. But one of the biggest ones is that it's cloud agnostic. It allows your users to focus on the needs of the application rather than the cloud that it's running on. This also means it's possible to reuse Kubernetes deployments across clouds. If it's currently running on public cloud, there's a good chance that you can run it on OpenStack with minimal or even no changes and vice versa. But of course, there are also reasons against. And one I've heard frequently is complexity. The good news is if you're running OpenStack you've already implemented much of that complexity and your Kubernetes cluster can just use it. And you can reuse it as many times as you like by running multiple clusters. Kubernetes clusters on OpenStack are cheap and easy to create. And to OpenStack it's just a regular tenant workload. No admin privileges are required, no special installation is required and your users can even do it for themselves. OpenStack was one of the first clouds to have native integrations in Kubernetes. They're very well tested and very mature. Running OpenStack on Kubernetes is a cheap and easy and safe choice. But don't take my word for it. Let's have a look at what Guillermo has been doing so we can see it for ourselves. Basically what I did here I'm logged in as a member user of a project and to be honest there's nothing new here for whom already used OpenStack and Magnum before. I just navigated here to the container infra I just selected the cluster I wanted to upgrade selected the cluster template with a higher version of Kubernetes to create a cluster simple as well. Just open up a form just put the name the cluster template a key pair and the number of nodes and that's where the magic happens actually the key point here is how the magic happens actually on this deployment here in particular we are using a a new Magnum driver it's called Magnum Cluster API it's a driver developed by Vexhost so as you can see here this is the actual driver working so that's cool isn't it Kendall? Very very cool with two clicks you are able to effectively upgrade a whole cluster and I think that we can all agree that that's a really refreshing upgrade experience cluster creation is cheap and easy to like Matz said and by customizing three parameters I think it was you can stamp out as many as you want everyone can have their own cluster he can have a cluster, you can have a cluster I can have a cluster and as you mentioned the Magnum API driver I know that that makes use of another open source project called CAPI Matt can you explain a little bit about CAPI? Sure cluster API or CAPI Kubernetes native API for managing Kubernetes clusters it can install a new cluster it can scale or reconfigure your existing cluster and as Guillermo has just shown us it can quickly and easily upgrade a cluster and it supports lots of clouds not just OpenStack there are providers available for just about anything you're likely to be running on whether that's public cloud or private cloud or even bare metal and wherever you deploy it the Kubernetes that it deploys will always be the same managed in the same way and exposing the capabilities of whichever cloud it's running on so an OpenStack for example that means you can do things like mixing and matching, virtual and bare metal workers all in the same cluster another advantage of CAPI is that it's managed under the same umbrella as Kubernetes itself so it always supports the latest releases by building on cluster API Magnum can take advantage of first class Kubernetes native management tools and expose them for an OpenStack native API So there we go we have the upgrade complete we have a cluster created complete I just did here with this comment here just pulling out the config of the cluster I created so it writes a file on the disk I just exported and there we go that's the cluster we created so simple and easy I love it when a live demo works it's awesome that we can yeah it's awesome that we can see these commands actually completing in real time and that was all maybe sixish minutes and even better that you are actually able to use the OpenStack CLI and dashboard that most of us are already familiar with so Guilherme can you actually tell us a little bit about the environment that we are looking at too? Sure, that's a proof of concept box this is running inside Atmosphere Cloud that's the public cloud for Vaxhost so it's running Atmosphere is another project that Vaxhost has developed it's an open source project as well it's responsible to deploy OpenStack on top of Kubernetes so my colleague Riko Lin is going to be talking about Atmosphere in a little bit more details during the event but that's it, so this environment is running Atmosphere and it comes with Magnum Cluster API by default Awesome, so while we have this lovely audience here today what sort of help can we ask them for in this space for Cappy and Magnum? So the Cappy community is vibrant and diverse but we'd still like to see much more participation from members of the OpenStack community if you're an OpenStack developer we'd really like you to come and contribute to one of the OpenStack integrations please come and talk to us about it in our forum session on Thursday afternoon Yeah, so Atmosphere and Magnum Cluster API they are open source just feel free to go to Vaxhost GitHub repository I can just clone the project and try it out by yourself we'll be really happy to have your contribution there Awesome, lots of places to get involved and we really need everyone's input I want to give a huge thank you to those such as yourselves that have paved the way to get us to the point where we can use these projects together to make our Loki stack and I hope that the audience would now agree that we've proven the Loki stack to them and they're ready to go try it out for themselves Thank you all for giving us the time Yeah, demo that works back in time for a moment from 2010 to 2011 we kind of saw OpenStack getting started hopefully we'll see a really cool graphic here in a moment and it wasn't very big we didn't have a lot of people there weren't a whole lot of projects but here we go if you take a look at this image so there's all these blue dots those are actually contributors working on the projects in OpenStack and the orange dots are the projects themselves so that little orange dot off to the left all by its lonesome but kind of connected in that's neutron and the one that's trying to be a nebula of its own at the bottom but still connected that's Swift but today we have a much more dense and interconnected community and there are more projects and more contributors than we've had before but being able to see the community represented in this way is thanks to Bitergia the OpenStack dashboard that these images were pulled from is now available for your own perusal so anyone can nerd out like I did and start doing visualization of growth factors in OpenStack and where obviously containers and integration with Kubernetes weren't the only factors between 2010 and now you can see the projects highlighted that are related to containers like Magnum, Cola and OpenStack Helm I really, really love this but if you want to dig in as much as I did the data is now available to you via the new OpenStack dashboard and if you have questions Bitergia will be hanging out in the metrics corner throughout the event in the marketplace go check it out thank you thank you Kendall and also thanks to Gearmy and Matt did you all see how smoothly that live demo went? Was it amazing? and through that demo you could see how smoothly and nicely integrated OpenStack and Kubernetes are but that really is the result of two very large and very active communities actively collaborating and working together to make that happen and you can learn much more about Loki this week so even though that this is the end of our little trip today this is the beginning for all of you because this is when you can go and mingle with fellow attendees contributors and really anyone who you can find around you like-minded people come up with new ideas and collaborate on solutions so make sure to attend the conference sessions go check out the PTG and mingle with the contributors there and go and give feedback and talk about ideas and priorities at the forum sessions and with all that thank you all for your attention and remember to have a great time at Open Infra so the first segment is done thank you to Ildiko for hosting it I hope you notice that one of the things that we did really intentionally with the keynotes this time is bringing up the contributors who are building the software and showing it with demos and providing some really technical overviews so we have a lot more demos still to go but before we get to the next one you know OpenStack and Kubernetes integration that we just heard about is one of the most commonly talked about topics at the Open Infra Summit but within the summit and even around the entire world the most talked about topic right now is AI and so we're to have a segment around AI and how different open source technologies are pushing the boundaries for this exciting and you'll see somewhat terrifying use case but to talk more about AI and the open source technology impact please join me in welcoming Mark Collier Well I was going to ask if any of you all have heard of this thing called AI but apparently you definitely have now if you haven't before well I think there's 1.5 trillion reasons why people are talking about AI which apparently is how big the market is going to be in a few years and I want to talk about it today first of all in a few minutes we're going to have a couple of amazing demos where we're going to show off some AI and open infrastructure and action but first I want to talk about AI from kind of two different points of view one is to look at the impact open source is having on AI and how it's being developed how that is changing the game in the AI world and then I also want to talk about how AI is influencing impacting how software is getting developed particularly when it comes to open source now when it comes to AI and giant companies that have been investing in it for years one of them is Google you've probably heard of them and recently there was a thorough analysis that was done within Google and it sort of leaked out and apparently made it to the press and so one of the big headlines was the author who you know I think is not been revealed yet but probably might be in a little bit of trouble but I think they did a very honest analysis and they said we have no moat and neither does open AI and this is directly a result of open source and I'll tell you a little bit more about the background but if you don't know what a moat is it's basically on an old castle water around there that's supposed to help your castle stop being invaded in this case we're thinking about competition and people trying to come in and get your customers and take away your competitive advantages so this is a pretty big admission albeit leaked out but one of the big takeaways here was this quote which said while we've been squabbling here the references to google and open AI a third faction has quietly been eating our lunch I'm talking of course about open source and so I personally think it's a lot of fun to drain moats with open source community so I'm all for this and I think 1.5 trillion is a lot of lunch to eat so I think we're all going to be eating well in the next few years if this trend continues and to take a closer look at the data one of the other pieces of analysis and keep in mind this has only happened in the last three months you know three months ago we all believe that the only companies with access to this kind of powerful technology were three or four of the biggest companies in the world the Googles of the world the Metas etc open AI and what they has happened in just the past few weeks is through a lot of these open source models as they said here we're meeting the open source faction are doing things with $100 and 13 billion parameters that we struggle to do with $10 million and 540 billion parameters now there's a lot of debate about whether some of these new models are truly open source depending on the license but we're not going to spend time on that today but the bottom line is open source is absolutely having a massive impact on AI and the space is just moving really quickly and the final summary here was we have no secret sauce so you know I'm happy to toast to the end of secret sauce but may not be gone forever but certainly I think we are seeing signs that open source is having a massive impact directly on the development of AI now talking about how open source rather is being influenced by AI you know I've been talking to a lot of developers trying to get a feel for how people are using AI in the development of software and how they're feeling about it and one of those developers who shall remain nameless said something that may sound eerily familiar oh I meant to blur out his face this is awkward he wanted to me to be sure to tell you he's a former software developer but in any event in a more serious note you know we're already seeing how AI is changing how software is being written how code is being produced definitely some developers are producing it but I think the truth is we just do not know what the long term impact is going to be on how software is produced but we're already seeing some early signs of the impact and how it's affecting open source communities and other businesses you know one example is in the python community they're starting to get more and more code submissions that need to be reviewed that are being generated by these sort of AI assistants and it's creating quite a problem for the people trying to review the code quite frankly some of the code is not very good right these AI systems are not magic they don't actually always create great code and often times if the so called contributor who submitted it is asked questions in the review process they can't really answer them if they didn't write the code so we're already seeing how this is creating problems but it's also creating opportunities right and if you look at the publishing world the world of sci-fi we have this fascinating evolution in which you know sci-fi has been writing about AI for years now AI is writing about sci-fi so you know it's kind of a funny turn of events and I do have to say though this community is sci-fi publisher community I feel like they should have seen it coming if anyone but clearly all this change does create some opportunity does create some fear and you know wherever there is fear governments are sure to appear and we're definitely seeing that happen chat gpt was banned in Italy and unbanned and EU is thinking about passing various rules and regulations but clearly everybody is not really prepared I think for where this is all going we first of all don't really know where it's going but we're going to have to be on top of it so some questions that I have to consider what about the incentive alignment between organizations and open source moving forward it's not going to be business as usual you know what are we prepared for a world with code development without humans you know in the future more code will be written by machines than humans so this is coming in a lot of ways it's here already so are we prepared probably not but this is the kind of community that can tackle these sorts of problems you know how will the AI license there's a whole series of lawyers trying to figure this out right now so I'm not a lawyer so I'm going to try to skip that one but it's going to have to have to happen how will we accept their code and perhaps the biggest question of all how will we accept AI as a member of our community it looks pretty harmless you know I would accept them but you know these are things we're going to have to think about and we go back to the original premise of these two questions how is open source impacting AI how's AI impacting open source the reality is these are inseparable at this point you really can't separate the concepts at that point it's the both are amplifying each other ideas are being submitted, combined, recombined that are you know both AI generated and human generated and let's face it all those AI code generators were trained on open source code written by humans but before how can you really separate the two they're sort of inseparable the lines are blurring between human and machine and we won't see a lot of code produced without some AI influence in the future but the bottom line is we have a huge opportunity that 1.5 trillion dollars will probably keep everybody's attention trying to figure out these hard problems and right here in the open source community we have lots of software that's already being used in production to power these massive AI systems a lot of what you might not be aware of but hopefully you will be in just a moment and one great example of that is our next speaker who does have a demo and he is a long time OpenStack Swift contributor he was PTL for many years some of you may already know him from the past he's spent the last several years at NVIDIA and he's going to talk about how they're using OpenStack Swift at insanely massive scale to process all kinds of awesome data and machine learning so John Dickinson please come on up Thanks Mark what I want to talk about is what does it take to actually do a lot of the machine learning there's been huge advances super rapidly it seems like every week there's something new but when we peel back all of the new tools and abstractions and frameworks we still see we have some familiar foundations with all technology we still have to deal with compute networking and infrastructure and it's that storage infrastructure that I want to talk about and how do we enable these kind of new tools so on the compute and networking side there's great advances at NVIDIA we've got things like the grace chips and the hopper chips and the spectrum switches that are really pushing the edge of what's possible with machine learning but let's talk about storage storage how does that fit into the picture AI and how do we enable or take off like a rocket ship and the fuel that's powering that is data so as storage providers our job is to put as much data into that rocket engine as quickly as possible and when you've got thousands of GPUs powering through petabytes of data you need to be able to be able to have high capacity and high availability and high aggregate throughput and concurrency these are some of the baseline features that you need to enable you to put as much fuel into the rocket ship as quickly as possible but let's briefly talk about what these ML jobs look like because it's really good to understand what the actual usage patterns are for this data access but when you're going to build storage systems to support it so in general at a high level a machine learning job will load some data and then it will iterate on that and it will shuffle the data every single time so it cycles through the data over and over and each time it does that it's called an epic so from a storage perspective it would be great if you can reuse that data and so you only have to load it into the GPU memory once and then it can shuffle the data and retrain and shuffle the data and retrain and so on and so forth so if you say I've got 500 gigabytes of data that can fit inside of the memory on one server and you can do that you load the data and you shuffle it and you move it around and things like that but the problem is data sets are getting way bigger than that and they can't fit in GPU memory and in fact they can't even fit on the flash storage that's inside of a particular server so you think great well let's use something like object storage and that's really great but a challenge there for machine learning practitioners is that it's a different API programming languages come with like f equals open and they don't come with object level primitives and for the repeated data access you can think I know I'll use caching but that's going to add a lot of complexity to the whole how you put things together and so you're stuck with this challenge that the people who are doing the machine learning are faced with these massive infrastructure problems of caching layers and file APIs versus object APIs and having to copy data between different systems and that's not what they want to spend their time doing and we're at an infrastructure conference so our job is to build the infrastructure that enables them to do those things that were previously impossible we have to build that infrastructure so that it gets out of the way and enables them to do their job and so the users need these tools and abstractions to deal with the large amounts of data to understand what kind of data they have and to make it available to the GPUs as quickly as possible so in addition to having really great compute platforms you also have to have a really good storage platform so to solve these problems we use two abstractions we have something called an inner ring and something called an outer ring and the inner ring is high speed it's low latency it is tied to a specific GPU cluster and normally it's going to look like file storage to the end users this is the storage acceleration layer this is where caching would live this is where the working set of data would live and on the other hand you've got the outer ring which is very large capacity and high throughput, high availability but not just HA in the sense that it's always turned on but in the sense that it can be connected to many different GPU clusters at the same time and this becomes the foundation for that whole data storage strategy this is a very very good fit for object storage and Swift is one of the tools that we're using to internally implement our outer ring so we first put the data into the outer ring then we can make it available to whatever GPU cluster we need and accelerate it as it's accessed through the inner ring pattern and we get a lot of major wins from this the first one and the most obvious ones is that we can support massive data sets that won't fit on single servers we also are able to improve performance because when you load that data into the GPU you only have to load it from the outer ring once and after that you can accelerate it and subsequent epochs can go to the inner ring storage and you also get workload portability because the outer ring that foundation is connected to many different GPU clusters and so the job can run from many different locations and so we use many different storage systems and storage providers and storage partners and because we want to enable our users to use whatever they have available and the best tools that they have available but the way we then have to do that is standardize around APIs on the file side it looks a lot like POSIX and NFS and then on the object side it's going to look like S3 APIs and then on the object side it's going to look like a good job and the Swift API so Swift is something that we use internally it's a great storage system for the outer ring it has high throughput, high capacity and we've got several large deployments there right now we've got about an exabyte of Swift deployed supporting many different GPU clusters but giving people that inner ring and outer ring is really great but it's not quite sufficient because the problem is what data do I actually have and when you get bigger and bigger data sets it gets harder and harder to understand what these data sets actually look like how can I explore petabyte scale data sets on my laptop so we've created also a data set service and its end goal is to give users a way to explore things without having to worry about that underlying storage this is what I'm going to demo kind of the end user view of putting these storage systems together with the large scale ML possible so first I'm going to load a data set into Swift then I'm going to explore it in a Jupyter Notebook without having to worry about the storage and then finally run a small ML task on it so first I took an extract of some of our internal confluence pages and extracted that as JSON and we can see here that it's a bunch of different files the first one starts with 026 and it's about 30 kilobytes and it's got an MD5 sum that starts with F3, E6 we'll come back to that and the structure of these JSON files is pretty simple but one of the key things, again come back to in a second, is this source URL that every file has that so when I create the data set what this is going to do is upload this data into Swift and then I also noticed I told it about the source URL key there it's going to upload that data into Swift it's going to create it inside of a new container there and then from that point we can go explore that container inside of Swift using standard Swift APIs and see exactly what data is there now the point of that is the data is exactly the same as we started with the names are exactly the same the first one that I'm going to pull up here is it starts with 026 you're going to see that it's basically 30 kilobytes and the MD5 sum is exactly the same as the one that we had locally the really cool thing about this is that there's nothing standing in the way of the actual data access there's nothing translating or transferring that you don't have to go through other systems you can still directly use the object storage so here you can see that object that 026 object is still exactly the same one that we had that we started with locally so once I have this data set created then I've started up on my laptop a little Jupyter Notebook to say let's explore this data set and see what it looks like without having to load or even worry about all of the data storage so when I start the Jupyter Notebook the first thing I do is I pull up a list of some of the data sets that I have you can see there's several of them there as I was building this over and over again preparing for this and then I specifically load the one I'm interested in here the one I loaded on Vancouver demo in that you can look at the metadata there's a few files in total and a few megabytes in size and then the really cool part here is that you can convert it immediately to a pandas data frame which is the exact tools that people are used to using and when I do that note that it has the source URL there exposed which means that I can now start playing with a little bit more about what I knew that was in that data and start doing different things on it and then just chart out the sizes of this data set and see what it looks like and you can see most of them are small and one of them is kind of big but what's really cool about this is in no point whatsoever when I've been exploring this have I ever hit Swift this is the log indexes here and you can see there's no requests that go to Swift so if I wanted to actually load one of those data objects and here where I load it out and show out the first 100 bytes you can see that that's the content and once I have that content loaded I could put it through a simple langchain summarization tool and figure out that this particular file this extract from this confluence page was about how to handle some communications during an incident so in review what I was able to do here is load the data directly into Swift explore the metadata without having to have that data and then load some of the data from the data set without having to worry about what the underlying storage was and then integrate that into existing tools things that are available elsewhere so by putting together these storage and data platforms we're able to yeah there was the one sorry about that there was the one actual request that went back to the log index system and you could see there was actually that single request that went back to the Swift cluster so by putting together these storage systems we're able to solve these problems for practitioners at scale without having to then having to worry about those underlying storage systems this is what helps us to continually feed that machine learning rocket and Swift specifically has been a key part of one of our internal systems to help grow our storage platforms thank you before you go I hit you with one more question so while I was backstage I think I heard you say NVIDIA is running an exabyte of OpenStack Swift for your AI system so that's incredible I imagine you must have been making some improvements to Swift over the years to get ready for this type of crazy workloads and scale it has grown very quickly and it's been critical for us to be able to have access to the code participate in the community push the changes back up everything at that scale has to grow super rapidly and we continually find new ways to improve performance and improve the scaling ability that's amazing well thank you so much for the presentation and talking about your Swift at NVIDIA AI use case so next up we have another awesome users running OpenStack at crazy scale for AI and we're going to have Nathan Harper from GraphCore and John Garbit from StackHPC so come on up Hi I'm Nathan Harper from StackHPC from GraphCore sorry there's too much StackHPC going on so I'm really pleased to be here to be able to talk to you about how we have been accelerating development using OpenStack and infrastructure as code so very quickly who are GraphCore so we develop hardware software and services that have been designed from the ground up for AI and machine learning so the focus for us for this particular project has been our IPU machine so this is the system that's done bottom bottom right hand side so although this has got a server form factor it's actually this is a network accelerator or a network appliance so this has got four of our IPU processes in it and then it's accessed over the network from an application server using our IPU over fabric protocol which leverages RDMA so the chance that we run into is we were building our systems that look like this effectively by hand so each one of those racks contains one of our reference pod64s and although we've got automation and config management for managing the actual servers managing the infrastructure so the IPU machines managing the network infrastructure that is all very static if we had any requirements for any alternative configurations, virtualization for Kubernetes all of that had to be managed by hand and managed centrally so we were really challenged to how do we improve our developer enablement how do we make sure that our developers have got access to the infrastructure and the systems that they need when they need it and the by-product for that is also to improve our utilization so to ensure that we don't have systems that are sat waiting for reconfiguration to be upgraded for the config to be changed so that they can then be used so we decided to build a low-key based IPU cloud so this is built primarily on open stack and we developed the concept of our VPOD so a VPOD includes our IPU machines includes the application servers that users will be using to actually drive those IPUs and the networks associated with them and so we had three principal requirements when we developed these so that was around having kind of isolation trying to prevent noisy neighbor trying to prevent users from accident traveling all over each other they also had to be performant so we didn't want to sacrifice any of the performance that we get by automating this way and ideally we also wanted to make this self-service so that users could drive their own destiny rather than having to rely upon central services so rather than going and doing this alone we enlisted the support of StackHPC who've got a wealth of experience with running high performance workloads inside open stack so I'm going to hand you over to John who's going to be able to tell you a little more Thanks Nathan, I'm John Garbert from StackHPC and I'm going to dig into some of the bits and pieces we've been working on so the fruits of this collaboration between StackHPC and Graphcore so I'm going to start with looking at the isolated VPODs so we're using Ironic and with that we're using Neutron and in particular it's networking generic switch driver and what that lets us do is it lets us reach out to a physical switch and change the access VLAN so if you go back to that rack of IPU machines that Nathan was introducing there's 16 IPU machines in there and that allows us to move from 16 isolated IPU machines all in their own VLAN to a rack that's joined to multiple racks all together into one unit and we get to move between that as the use cases require that so that's one side of it on the IPU machines so to talk to the IPU machines we need some x86 machines running the Poplar SDK so to start with there's four x86 machines in each of these racks and we can use those as bare metal machines within Ironic and that's great but very often we need to slice it up a bit thinner than that so we could for example have 16 VMs using Nova and slicing that up and each of those VMs can be on a separate VLAN talking to the IPU machines so you've got that ability to have one multi-rack system or lots of these small development environments so that's kind of the isolated V pods the slicing and dicing so these need to perform to work well in particular the Poplar SDK in order to talk to those IPU machines across the network we need to have RDMA connectivity and we do that using SRV so passing the network card into the VM so we don't just use any old SRV we're using VFLAG using an OVS offload SRV and what that really gives is it's for a machine that's got 100 giga ethernet bonded we can get that full performance inside the VM and that's both for the RDMA connectivity and for TCV connectivity reaching out to NFS storage and such like so we've got the network sorted we've got those things connected together and we've got that we're using Loki to get that sort of dynamic infrastructure so we need to really test the performance and for that we're using ML perf so with ML perf the basic idea was we test and make sure that in all of this virtual world are we getting the same performance we got in bare metal and we're able to do that and make that repeatable with a whole bunch of things we'll go into more detail in our breakout session later so all of this is for NORT if the users can't actually use it when they need to so for this we're bringing the open source project called azimuth this was started in Jasmine which is a UK institution and it's a national science and at StackHPC we've been working at lots of different scientific institutions within the UK to sort of apply azimuth to different situations so for example IRC infrastructure direct supercomputers recently with the SKA UK regional centre and a lot of that work's been in concert with Cambridge University and so with that we've built up a set of reference platforms we're actually using cluster API to drive Kubernetes on open stack we've got full stacked Loki apps in there and this isn't just a sort of static set of apps this is extensible and Graphcore have been able to take this and actually package up the environments they need to offer so I'm going to hand it back to Nathan who's going to go through bits and pieces of what Graphcore have been doing with this stack so azimuth is because it's using Ansible and Terraform on the back end that means we can quite happily inject any of our own configuration any of our own orchestration that we need to into that so as a cloud provider being able to develop applications and appliances with all the sensible defaults baked into them it means that users don't need to know the ins and outs of the infrastructure they don't need to know how to turn on to ensure that they've ended up with the right flavors to achieve their full fat performance so this runs we have your pre-built images built by Packer this means that all the applications and configurations is pre-baked in and then Ansible then applies the Terraform to apply that to the cloud and then once it's been stood up then users can access either via SSH or via a web console that is accessible through the Zenith proxy built into azimuth so demo time I'm hoping the other presenters haven't used up all the demo luck so I can just very briefly show you some of the user experience so this is the azimuth front end and these are some of our popular appliances that I've pre-built and so the kinds of options that users can access they can choose their name, what operating system they're going to use, in this case what style of IPU machine, how many they want what you'll see is actually some of these options are mutable so once a user has deployed a system they can actually choose to resize it again at a later date once they've worked out they might start smaller so they can choose to increase to later and one of the things we've used to drive our utilization is by setting maximum lifetimes so that things don't just end up languishing so in the background this is actually running because we're running Antibole we can use Aura to grab all of the output, this is quite useful for debugging and as you can see this is just running through some Terraform so the advantage of making use of our Terraform modules is that we don't need any other fixed infrastructure to run this so we've got a small vpod here which has got a couple of application servers and some of our IPU machines and so what I'm going to do is I'm going to add an extra couple of IPU machines into this and then go ahead and run Terraform so I'm just adding another pair of IPU machines so these IPU machines are enrolled via Ironic we're skipping over the vast majority of functionality, we don't need to worry about pixie booting and provisioning it but the main thing really is that we want it to manage the network interfaces and move them into the correct VLAN so when I'm running this Ironic is calling out to Neutron and NGS which is going to update the VLANs, the access ports these IPU machines are connected to and so this means that we can just really treat these IPU machines as first class open stack citizens so and once this is done I've hopefully got a oh there we go as we can see the ping that I had to an IPU machine has now started running which means that all of our networking has been connected back up again so so what's next and so if you're interested in IPUs and you're making use of the IPUs because you want to run your own AI you can try out IPUs free in paper space which is you can access by the first link, if you want to try azimuth in your own open stack clouds then you can also take a look there and if you're interested in knowing a little bit more or finding out about some of the some of the more in depth bits and pieces that we ran through when we did this we've got our breakout session later on this week so thank you very much so a quick question you mentioned paper space and some of these other environments you've got running open stack but how many open stack clouds have you got what else are you using it for in AI so we're up to about five open stack clouds now and you're running 20, 25,000 cores at this point one of the things that has been a real enabler is as well as running our self-service systems that I've been able to show you today we also have slurm based HPC systems we have CI driven workloads all of this is able to run inside your single control plane a single open stack system and it's a pool so we can move resources between those workloads depending on what is needed all right well thank you all very much that was a great presentation thank you well as I mentioned they do have a session that you want to definitely attend and learn more and as we wrap up this AI segment just another reminder there's tons of conversations going on all week this is the place to talk about open source infrastructure AI and the intersection there here's a few other sessions you want to check out and that's it for our AI segment thank you very much all right thank you that was very interesting it is super interesting to see how open source is impacting AI and obviously causing that massive growth but anytime you have that kind of growth security obviously becomes an issue so coincidentally that's what our next segment is about let me bring on our the Executive Director for the Open Infra Foundation Jonathan Bryce thank you Wes and I just wanted to actually take a minute to to recognize Wes and Allison who were promoted to VPs in the Open Infra Foundation earlier this year so congratulations Wes and Allison our lovely hosts for the day so Wes mentioned that we're going to talk a little bit about security now and when I talk about security I always talk about how security is a very very layered and complex topic because there's nothing static about security in the technology world there are always new techniques and new technologies that we need to be implementing and if we think about the infrastructure landscape we started with servers and VMs in kind of data centers, early clouds and a lot of times at that point security focused on perimeter security and network security what we have now is a world where we've introduced containerized applications where you may have code running in thousands tens of thousands hundreds of thousands of containers that may be between servers as we look at things like public cloud container services we start to see multi-tenancy and this creates a much more complicated security scenario where you have to now introduce new techniques and new technologies and within the Open Infra community we've been building technology to help give operators new tools to manage this kind of a security environment a big one of those being Cota containers Cota containers provides strong isolation but in a very lightweight way so that you still get all of the benefits of speed and density from containers but you have a stronger isolation mechanism around them that gives you better security it also enables certain features that you might want if you're trying to pass through hardware up to an application what we've also seen though is that with the original versions of Cota containers we're not just wanting to isolate containers and workloads from other containers and workloads but as we move into more and more adoption of this as we move into a world where we see things like the AI workloads that John was talking about we have assets in our containers we have assets on our servers that in some cases are some of the most valuable IP that businesses own these models all of the data that is contained with them are extremely valuable for these businesses and they want to make sure that that data is private is secure and remains secret to them and there's been a new movement that's been emerging over the past few years called confidential computing and here we're not thinking about just workloads and tenants from each other but we're including in our threat model and in our security model how do we make sure that even if someone has physical access to a server that my workload, my data is still secure and secret to them and so we see hardware support with things like AMD SEV we see various types of networking stacks and container stacks that wrap this up and we have seen this support coming into Cota containers with the confidential containers project Cota was started a little over five years ago and to talk some about these container security implications and the progress that we've made as a community of the first engineers of the Cota project who are going to do a demo and talk about this, help me welcome Wang Xu and Peng Tao all right Xu welcome all right go get that setup let's make sure we've got the we're going to do more than two months thank you Jonathan and thank you and I can still remember the five years ago 2018 in Vancouver and at this stage I together with Amy to announce the 1.0 release of Cota containers and today, this year we have released the 3.0 version yeah I'm Wang Xu from the Ant Group and also I'm the co-founder of the Cota containers project and this is my team member Peng Tao he also writes the first line of the Cota code introduce yourself hi everyone it's a pleasure to be here demo for the Cota the 3.0 release we introduced the rust implementation of the runtime part and also we have a built-in built-in VMM for the sandbox so you can run one part only one process and this is the which is improved in the architecture and also we have introduced the confidential container support it's about the computer computing so when we introduced Cota it protected infrastructure itself from the workload if there is something try to attack inside the sandbox and get the privilege it cannot escape the sandbox and in some work load such as the financial and some other privacy you need to protect your content from the infrastructure I mean if there is anything wrong in the infrastructure they cannot access the content of the inside the sandbox that's the confidential computing and we have introduced an initial support for the confidential container called COCO and today we will do a demo for it we are ready to go we got this demo great we will show a live demo this is run on the Alibaba cloud it's a commodity server with the ICU support we have a lot of AI things in the keynote this one is also AI related we have introduced Lama the large model inside the container so you're going to be running your own large language model inside of a container on a server that supports SEV for the memory encryption yes but right now I think we should wait for it at the first day we launched the Cata beside the slogan the secure of VM and the fast of container but today well it's launched in 35 seconds not really slow because it's confidential so it's a bit slower and yeah because it's a confidential container so if we try to use the exact to access the content of the container you can't and also you cannot access the memory of the container from outside but you can still use SSH to login it yeah show us and show the CPU features you can find the ICV inside so we have already run in the server and let's try to chat with it okay okay with the question we should ask it let's explain the theory of relativity okay T as created by Mr. yeah so so long so so can you ask me stop okay you're finished stop so after it stop the relativity and we have another question for it yeah I think early minutes ago Mark said some we're writing the code that Mark was talking about yeah without a programmer we have become a prominent engineer yesterday in rehearsal we used it it knows many languages mm-hmm yeah we just ask you to write the program and we cannot guarantee it can run okay okay okay okay enough okay who knew AI was so talkative yes you're more than me and so this time we bring several kata related topics here and the two of them are about the kata architecture so let the AI tell us which one is better the first one is about the kata the architecture of kata 3.0 that's from the punta itself and the second one is about some new feature we'll introduce in kata 4 and it is wait a minute which one were you training this model no no no because every time we create a new container so the last one is destroyed it has no chance to learn from what we try yeah so probably go with the topic punta oh what a pity you cannot try this topic this topic have already finished it's top PM today so that's all that's our demonstration you can say goodbye to it okay it's you oh that's all the demonstration of kata and I think for the AI part the confidential about the GPU in kata is not really right now but we just run it in the CPU so it's a bit slower yeah that's all the demonstration yeah well thank you for demonstrating that it's awesome to see the way that the community is building new open source solutions to take care of the new architectures and yes there is another session tomorrow as well as Thursday where you can go learn more about the next kata containers developments so moving from the engineers who are writing software and kind of helping us see where we need to go with container security I want to actually move now to hearing from some operators who are running this and these are operators from Microsoft who are implementing container security solutions in the Microsoft Azure Kubernetes service so this is really cool to have Microsoft Azure represented here and coming to talk about what they're doing and also to have them participating in the open and for community so please help me welcome from Microsoft Amar and Michael hey everybody glad to be here my name is Michael Withrow I'm a product manager on the Azure community service my name is Amar Gouda I'm principal product manager in Azure Conferential Computing I've been part of the team for the last five years Amar and I essentially are working through a couple of different options essentially walking through CAD of confidential containers to achieve zero trust operator deployments within Azure community service to start out at Microsoft Azure we love open source what does that mean? Not only do we consume open source but we actually heavily contribute to open source so there are many initiatives across the open source community that we heavily have a lot of developers in that heavily contribute to make open source capabilities work natively within Microsoft Azure obviously open source remains a big differentiator for organizations there's many different communities capabilities that exist from our perspective the big thing that I want to call out for that's important to understand is because we have all the developers integrated into the upstream communities we actually natively leverage the APIs that come from the open source community we don't proxy we don't fork any of those things off and everybody gets the benefit of everything that we're building as well as we do so with that essentially as we talked about this is to announce CAD of containers for pod sandboxing on AKS essentially we've technically had this in public preview since February of 2023 we're working heavily towards geeing this feature set when you look at the scenarios obviously the big thing that we're hearing from an AKS perspective a lot of talks about this is how do I leverage multi-tenancy how do I bring multi-tenancy to my environment typically a lot of customers deploy a single cluster deploying one application in there and they're looking to make that deployment a lot more dense a la multi-tenancy so when we look at that obviously from an AKS perspective not only do you have a lot of S500 customers across the globe that are running on top of AKS but a lot of Azure services also run on top of AKS as well and the theme of what they're looking for comes from both of those initiatives so we look at the implementation from a CADA perspective obviously starts with a Microsoft hypervisor nested VM capabilities and then we actually integrated CADA with our cloud hypervisor capability as our virtual machine manager now kind of turn over to Amar to kind of talk about confidential containers thanks Michael so we did not stop here right but CADA gave us an amazing platform for VM level isolation and we have offering and Azure has been a pioneer on one of the co-founders of Conferential Computing Consortium back in 23 or 4 years back so we have invested heavily into Conferential Computing and we want to build on top of it you saw our demo from Ali just before about Conferential VMs and what AMD, SCV, SNP has to provide so we've been actively contributing with Conferential Containers which is part of the CNCF incubation going into sandboxing very soon so we want to work with the community build with the community and have an offering where you are empowered to run the same stack wherever you want to run so that's the strongest fundamentals we're building on top of so some of the contributors to CADA Conferential Containers are Intel, AMD, NVIDIA, hardware providers you have Red Hat heavily invested into this one of the co-founders of Conferential Containers or COCO is how we call it so what's this looking like on AKS so we just last month announced upcoming preview this is already going public preview where you can run Conferential Containers on AKS first class fully supported with AMD, SCV, SNP which is the next version of SCV with higher confidentiality and code integrity promises I have a slide that talks about how we extend the Conferential inferencing model protection as well as a tested inferencing where your data is private but you are checking if this is really genuine Conferential Computing environment so we've been in this for pretty long and we have journey and look at the comprehensive sort of services that we have announced that includes the data stack just not the infrastructure stack as well as the services on build-off so this is a whole ecosystem of offerings we've fully invested into how you can achieve your end-to-end confidentiality goals it's just not about processing the data in a TE you can store that PII data and the private data somewhere so this is going to allow you to achieve your full end-to-end goals we also have developer tools on top of this as well so let's look at what COCO has to offer and what tech stack we are building this on top of so first to start with right so it's a big Kata containers is a baseline Kata Conferential containers is a next layer we run confidential VMs as a micro virtual machines that are very ultra lightweight, highly hardened and full attestation capabilities that run AMD and we're going to invest into newer hardware as they become available one thing you saw previously is we have Intel TDX offerings as well going into private preview we have NVIDIA GPU going into H100 confidential GPUs as well so we are one of the first vendors to announce support for NVIDIA as well some of the scenarios the confidentiality is cool but can I use it for everything else yes if you're really serious about confidential security and securing your code and you have low trust on the provider this is a way for you to get into this you can go to the MS link to read more about Coco and AKS so the tech stack is built on the same cloud hypervisor as a virtual machine manager we run nested VMs this is our start we're obviously working in other technologies to expand into non-nested as well this is running Microsoft hypervisor with cloud hypervisor to orchestrate all of this so you're going to just run a single AKS Worker node but AKS Worker node can get partitioned into tiny VMs and each VM is a part of our architecture we have a dedicated session tomorrow we go into this, we show you a demo as well, I'll quickly go to that slide so what are the goals? so we have Coco, here are our protection goals we will protect you and we plan to and ignore our goal is to protect from all of these parties so you are controlled off your destination and the code you trust and run and every code that is part of your TEE is fully open source and auditable so quickly going into how this would look for example in the world of AI very relevant model protection, you saw our demo we're extending it even further, you could do a test at TLS even before you saw your responses, you're asking questions to large language models you can challenge the model as a proof you are running in a confidential environment and need my security baseline that's when your client and browser is trying to do that authentication we call this mutually attested TLSs and that's when you start doing inferencing so your data is fully private from the cloud provider and the only thing that is accessible to you is the code and the session that you have with the client this is how we are enabling you could learn more in the upcoming session so please stop by we have a demo, we have a streaming analytics using Kafka running dapper I'm going to show you a demo of how we're going to do that with Coco on AKS thank you all, this was amazing, thank you alright, thank you that was a very quick overview of a lot of information so make sure you get to their session where they're going to have time to dive deeper into it and they are also doing a demo at that and that's going to be tomorrow morning so we've talked a little bit about some of the projects that help us secure our workloads one of the things that we need to be thinking about is also how do we secure our projects what should we be thinking about as open source communities and developers especially in the context of what Thierry talked about earlier this morning where we really see governments around the world waking up to the ubiquity and power that open source software communities kind of wield and create through their work and so we're going to take a little bit of a moment here to hear some of the things that we can think about as architects, developers community leaders working in open source to help make sure that we are thinking strategically and putting our projects on a good track so to talk about that help me welcome Ava Black Hello folks, good afternoon I know we're getting towards the end of the day so I'll kick us off here by saying sometimes it's hard to think about things in the abstract we've probably all been hearing a lot about S-bombs and supply chain security but I'm going to take this back to something tangible one of my favorite things pie and I won't say in your way between going and getting some pie after this for too long this is a pie that a friend of mine baked, a lovely smoked apple pie but if it was sitting here in front of you on a table or on the stage would you just walk up and eat some without knowing anything else about it probably not if it had a list of ingredients next to it you know a little bit more but is that enough do you know where the ingredients expired were they subject to a recall because of some contamination was the flour gluten free it doesn't say is the cookie even any good how would you know is the list even accurate and ultimately if you got sick from eating the pie do you have any legal remedy the answers to all these questions are supply chain questions and this is where food safety and a lot of other regulated industries have rules that they have to follow how does cyber security not so much how does open source fit into all of this well as Thierry was saying open source is everywhere it's in everything it's all around us black duck is a cyber security company they publish a pretty good report on the security of open source projects I think this was their eighth year doing it and in it they point out that 96% of all software stacks that they surveyed 76% of all stacks contained open source that hadn't been patched in more than two years and 76% of all code that they surveyed in those stacks was in fact open source so really it is in everything all around us from our smart light bulbs to airplanes and F-16s to gas pipelines and pacemakers and banks the analogy here is that corporations have been selling pies without necessarily doing good quality control on the ingredients claiming it's not their fault people get sick because a log for J wasn't really theirs it was just an ingredient they sourced I've said for a while that open source has suffered from profit-motivated insecurity and I'll explain what I mean by this you've seen a couple timelines today I go back to about 2010 roughly when I saw the growth of this begin with financial incentives to hold back the ability, observability, maintainability and ultimately security from the open source commons which isn't a big deal if you're buying the product from the vendor but remember 75% of all code in all the things all around us is open source so if it's being deprived of security that actually does affect all of us and governments have noticed so the White House and the Office of the National Cyber Director put out a statement and a new strategy a security plan a few months ago that even calls out this practice directly now no company would sell a pie in a supermarket without a list of ingredients but effectively the software industry has been selling pies to the government and to consumers without transparency and that lack of transparency prevents consumers from acting in their own interest now the White House and the strategy also calls out open source to hold responsible those stakeholders who can solve this without burdening open source developers great innovation engine we all have built here in the past 15-25 years let's keep it going but European Union may be taking a different approach under the Open Infra Foundation put out a comment on this as did many other foundations as the OSI helped with some of these right up has been one of the most thorough it's unclear how this will play out in the next couple of years regardless it is clear that SBOMs are here to stay they are now part of US Federal procurement requirements and the minimum bar is pretty low right now but that bar is being raised there are already new regulations in addition to SBOM under review in the US and ingredient lists are not the end of the supply chain story for food or other regulated industries I predict they won't be the end of it for software either we will need to have the equivalent of food safety ratings, expiration dates that a little traceability barcode on the bottom of a can of soup that enables a recall a federally coordinated rapid response to vulnerabilities all of the tools for that are being investigated or invested in and built many in open source and that is the role I think foundations can play best to raise the bar for all the projects hosted in the foundation to build security into the development life cycle of the projects and thus the products that depend on them to coordinate with corporate sponsors while prioritizing the needs of the individual maintainers without whom none of this goes and to partner with other foundations to work with each other and collectively advocate to governments for the right balance of regulations for the right tools that benefit all of us I don't have enough time to talk about all the awesome tools out there this is a super super short list of a few of my favorites and I'm going to highlight three of them for you I think one of them even has a talk here this is a little last minute for me so I didn't not sure which ones two standards coming out of the open SSF that describe this space Salsa is a standard to assess safe development practices in open source and it's heavily inspired by practices that were pioneered and encoded in the open Infra and open stack foundations Infra team a decade ago the goal here is to normalize those across all of open source and the secure supply chain consumption framework is the counter side to that how do you consume it safely the omnivore project I helped start last year the goal is to without needing any project level changes help embed traceability throughout the entire supply chain in a binary way again the goal being zero effort for developers on this one and then lastly a little project that might have spun out after a bunch of conversations we had to help assess the risk of a project not just based on static analyzers or dependency checkers but on the community's development practices and this is kind of also similar to scorecard project in the open SSF which HipTrack takes as one of many inputs so thanks so much please get involved raise the bar of security for all of us thank you as I said security has many facets that we need to think about when we are wanting to build it into our environments and our projects and our software and so definitely thinking about these types of policy issues and the processes that we undertake in our projects is going to be more important going forward we have a number of sessions that you can go over the next couple of days related to security this week and if this is a topic that you want to spend more time on and contribute to in the community please join these sessions so that wraps it up for this segment and I am going to hand it over for some exciting super user award announcements now all right so there's two things that I love in this world one is data and one is organizations who talk about how they're using open source software and production so the super user awards have been around since 2014 to recognize organizations who not only operate open infrastructure but also have contributors back in the upstream community so to crown the winner for the 2023 super user awards please help me welcome Shu Wong you're back sorry we had to pull him away from the demo so yes last year in Berlin Ant Group was one of the winners of the super user awards so we're excited to celebrate in person because y'all weren't able to attend last year so welcome but yes so first we're going to acknowledge all of the nominees because we had so many great organizations nominated and not just for one project most of them talk about how they're leveraging and contributing to multiple open source technology communities so the first one is an organization that supports Zool installations that run several thousands of jobs per hour which is it's Akamei Gaiting is an organization whose global compute and storage investment consists of over 400,000 open stack cores several petabytes of RAM and hundreds of petabytes of replicated ceph lock and object storage Bloomberg Engineering the next nominee has contributed over 40,000 lines of code to the open stack project which is significant and other communities like Linux they have also contributed over 30 commits and a thousand lines of code to feature such as dirty limit and issue fixes the next nominee has multiple systems running Starling X and test environments on behalf of their customers in the last three years and have been actively involved in the Starling X community and they're also our first nominee for the Starling X project so our next nominee is a cultural and tourism industry provider in China that has formed by integrating different public clouds and private clouds for various business sectors in a certain province our next nominee offers documentation and tutorials on our Wiki and blog for a wide range of open source technologies you can actually find a lot of those directly on SuperUser itself which makes them a great nominee and the next nominee their storage and computing capacity is distributed among multiple open stack private clouds and supported by other open source technologies like Rabbit and Q and MySQL OpenMyPost Our next nominee we have a lot this year like I said there's a lot of organizations innovating with open infrastructure so Workday has talked a lot in the open infrared and open stack summits before about their open stack usage what's really exciting is they're here this week and how they migrated from Jenkins but they also leverage other open source projects like Ansible and Calico and have over 3 million cores of open stack in production Workday and this is also last sorry alright last one I promise so this is another Zool user so they have with its modern tool chain of Zool Ansible and Calico as well as some custom tooling they this is the wrong description but I still want to recognize them so TPG Telecom is actually an open stack user so we'll still recognize their contribution to the community alright so this is the moment to decide who we're going to put give it to ready? it's Bloomberg Engineering of SuperUser award winners are there more coming? open infrastructure and we do have an open stack powered baby now so congratulations to Jonathan Bryce for his new addition to his family it's his first keynote alright thanks y'all