OpenStack provides services such as server virtualization, block and object storage systems, software-defined networking, an image repository, a web-based dashboard and authentication. You can read more about OpenStack and its various projects. For more information about Ceph, please read the Storage section below.
Fees for using the Collaboratory Resources
$0.03 CAD per vCPU hour (billing is calculated by allocation, not by % of utilization)
$0.000067 CAD per GB hour of storage (volumes, images and object storage)
* Please note that if you are using a flavour with 2TB+ disk you must use the Ubuntu 18.04 image so that the entire disk capacity is available to you. Any other image will result in only 2TB being available to you.
The compute infrastructure provides you with access to a large set of CPU & RAM resources, which are provisioned on a per-instance basis. Instances are virtual machines and are available to be provisioned in several different flavours. Choosing the right flavour depends on your workflow. Use the chart below to find one that suits your needs. When provisioning instances you have the option to deploy using the Dashboard (see below) or by using the API. Many instances can be deployed at once. Amazon AWS Equivalent: EC2 / Elastic Compute Cloud.
Images are used to build your instances. They define the base operating system and can contain user applications. You can build your own images by uploading a new image, or by creating one from a snapshot. This is useful if you want to deploy instances with a custom set of applications to use for your workflow.
- Ubuntu 18.04
- Ubuntu 16.04
- Debian 9
- CentOS 7
Access & Security
Network access to and from your instances is secured by using security groups. A security group is a list of firewall rules that define which IPs, ports and protocols can connect to or from your instance. Security groups are controlled by the user, so it is important to maintain best security practices for your environment by limiting access to your instances to necessary and trusted sources only. Knowing your applications, what ports they use and what type of connectivity they require will allow you to confidently create security groups that fit the application. For example, a public web server would likely need to allow all ingress sources on TCP/80 & 443, but it is unlikely that you would need to also allow all ingress sources on TCP/22 (SSH). Limiting your exposure is a good security practice.
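One way to check a project's security group rules against the guidance above, as an added example that is not Collaboratory or OpenStack code. It assumes the rules have been exported as dictionaries using the Neutron security group rule fields (direction, protocol, port_range_min, port_range_max, remote_ip_prefix, remote_group_id); the sample rules, their ids and the helper names are constructed for illustration.

```python
import ipaddress

# Ports the page's example treats as reasonable to expose to every source.
PUBLIC_TCP_PORTS = {80, 443}

def is_any_source(rule):
    """True when the rule matches every source address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        # No prefix and no remote group means "any source" in Neutron.
        return rule.get("remote_group_id") is None
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules, public_ports=PUBLIC_TCP_PORTS):
    """Return (rule id, reason) for world-open ingress beyond public_ports."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not is_any_source(rule):
            continue
        proto = rule.get("protocol")
        if proto not in (None, "tcp", "udp"):
            continue  # ICMP and similar carry no ports; out of scope here
        lo = rule.get("port_range_min") or 1      # unset range = every port
        hi = rule.get("port_range_max") or 65535
        if proto == "tcp" and all(p in public_ports for p in range(lo, hi + 1)):
            continue  # e.g. a public web server on TCP/80 or TCP/443
        findings.append((rule["id"], f"{proto or 'any'}/{lo}-{hi} open to any source"))
    return findings

def make_rule(rule_id, proto, lo, hi, prefix, group=None, direction="ingress"):
    """Build one constructed sample rule using Neutron's field names."""
    return {"id": rule_id, "direction": direction, "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample data; ids and addresses are illustrative only.
SAMPLE_RULES = [
    make_rule("web-http", "tcp", 80, 80, "0.0.0.0/0"),
    make_rule("web-https", "tcp", 443, 443, "0.0.0.0/0"),
    make_rule("ssh-world", "tcp", 22, 22, "0.0.0.0/0"),
    make_rule("ssh-admin", "tcp", 22, 22, "203.0.113.0/24"),
    make_rule("all-tcp-v6", "tcp", None, None, "::/0"),
    make_rule("from-group", "tcp", 5432, 5432, None, group="sg-db-clients"),
    make_rule("egress-any", None, None, None, None, direction="egress"),
]

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(f"{rule_id}: {reason}")
```

Rules that reference a remote security group or a specific trusted prefix, such as the SSH rule limited to 203.0.113.0/24, are not reported.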
The Cancer Genome Collaboratory leverages Block & Object storage functionality based on the open source software 'Ceph'. Ceph provides a scalable and highly available storage solution across many commodity servers. Although Ceph is not part of the OpenStack project, it is often used as part of a cloud solution with OpenStack to provide storage functionality. Local storage is also provided to virtual machines using the local disks of the hypervisors where the virtual machines are running.
Block Storage - Volumes
Block storage or 'Volumes' are logical block devices that can be attached to an instance and mounted from within the OS. Volumes can be used as permanent storage as they are decoupled from Instances. This allows volumes to be re-attached to or re-used by different instances (typically one instance at a time), and the data remains on the volume. Amazon AWS Equivalent: Elastic Block Store (EBS).
Object storage stores data in the form of objects instead of files and blocks. Object storage uses RESTful APIs to interface with clients. Ceph object storage is compatible with the S3 and Swift APIs.
The Cancer Genome Collaboratory provides 10Gbps Internet connectivity, 10Gbps inter-host and 240Gbps inter-rack network connectivity using OpenStack's Software Defined Networking (SDN). The OpenStack Dashboard for Networking provides you with an easy-to-use interface to view your Network Topology and create Networks & Routers.
Floating IPs provide the ability to lease a publicly routed IP from OICR space and assign it to your instance. Floating IPs are necessary if you need your instance to be accessible FROM the Internet. Without a floating IP, instances only have outbound access to the Internet; however, you can facilitate access between your instances using Networks (see below).
Networks are user-defined and provide layer 2 instance-to-instance connectivity without needing to talk over the Internet. Internal networks also provide very high bandwidth between instances.
Routers are user-defined and allow you to bridge multiple networks using Layer 3 and to provide a default gateway to the Internet and other networks. Routers also layer on the DHCP functionality so that your Instances are easier to manage.