Cloud services
OpenStack as Private Cloud to offer IaaS and PaaS for unmanaged VMs (April 2026 onwards)
In April 2026 we will offer OpenStack to selected users for evaluation and tests, starting September 2026 OpenStack will be available to all students and staff.
Initially we will only offer Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) with self-service for users. Based on this we will further extend the platform with additional services. This will continuesly replace VMware until Q4/2026.
The following is a working draft of the technical service description of our OpenStack platform.
1. Hardware
Due to lack of power in the datacenter, we start with 2+2 nodes only and gradualy increase as the situations allows.
1.1 Control Plane
4x Supermicro Server SYS-122H-TN (8 bay NVMe):
- 2x Intel Xeon 6530P
- 16x 32GB PC5-51200 6400MHz DDR5 ECC RDIMM
- 1x Intel E810-XXVDA2 - PCIe 4.0 x8 - 2x SFP28
- 2x SolidIGM D7-PS1010 1.92TB U.2
- 2x SolidIGM D5-P5430 7.68TB U.2
1.2 Data Plan
upto 32x Supermicro Server SYS-122H-TN (8 bay NVMe):
- 2x Intel Xeon 6756E
- 16x 64GB PC5-51200 6400MHz DDR5 ECC RDIMM
- 1x Intel E810-XXVDA4 - PCIe 4.0 x8 - 4x SFP28
- 2x SolidIGM D7-PS1010 1.92TB
upto 32x Supermicro Server SYS-122H-TN (8 bay NVMe):
- 2x Intel Xeon 6530P
- 16x 64GB PC5-51200 6400MHz DDR5 ECC RDIMM
- 1x Intel E810-XXVDA4 - PCIe 4.0 x8 - 4x SFP28
- 2x SolidIGM D7-PS1010 1.92TB
2. Software
2.1 Base System
Debian 13 (trixie)
2.2 OpenStack
OpenStack 2025.1 (epoxy)
3. Services
3.1 Core Services
| Service | Implementation Status |
|---|---|
| cinder | done |
| glance | done |
| horizon | |
| keystone | |
| neutron | done |
| nova | done |
| placement | done |
| rally | done |
3.2 Supporting Services
| Service | Implementation Status |
|---|---|
| haproxy | done |
| mariadb | FIXME: TLS in galera replication |
| memcached | |
| ovn | done |
| proxysql | TODO: implement debian deployment/packaging |
| rabbitmq | done |
| dehydrated | TODO: review and merge patches |
| Ceph | FIXME: needs lifecycle for capacity |
| SSP | TODO: finish OpenStack integration |
4. Features
4.1 User Features
| Service | Implementation Status |
|---|---|
| VM create | done |
| VM start | done |
| VM stop | done |
| VM remove | done |
| VM console | done |
| VM life migration | done |
| VM cold migration | done |
| VM Snapshot create | done |
| VM Snapshot remove | done |
| VM Snapshot restore | done |
4.2 Infrastructure Features
| Service | Implementation Status |
|---|---|
| Storage | completely on Ceph |
| Ceph | RBD and Pool snapshots work alongside (copy image into image pool) |
| Hostnames | TODO: schema needs to be checked/finalized |
| Subnets | TODO: schema needs to be checked/finalized |
| Addresses | TODO: schema needs to be checked/finalized |
| Permissions | TODO: LDAP schema needs to be checked/finalized |
| Backup | TODO: apart from Ceph Snapshots, OpenStack has a Backup service |
| Monitoring | TODO: needs to be implemented |
5. TODO
5.1 Notes
- define VM flavours
- define user limits
- define Firewall processes
- update tooling to build VM images
- clarify host aggregates vs availability zones
- clarify MWS Subnets
- setup test environment
- clarify maintenance vs development
- clarify feature roadmap
- create user documentation
- check apache hardening
- document 1way vs 2way TLS
5.2 Problems
- "horizon slow"
5.3 Procedures
- Review
- Resiliance/HA tests
- Disaster recovery
- TLS renew test
- Update tests