- Investigate different options of cloud setup and deployment
- OpenStack on Kubernetes
- Experiment with various ways of deploying OpenStack and configuring its services
- Kubernetes on OpenStack
- BootKube to run Kubernetes services as containers on Kubernetes itself
- Kolla to run OpenStack as a container
- Investigate, and select a starting approach for, layers of virtualisation between edges, and try different authentication methods, for example SSL and Keystone
- Run containers on top of OpenStack, then scale and investigate performance with different Linux OSes and authentication methods
- Try running the same container with different kernels, and communication between them
- Set up an IDS (NFV)
- Experiment with OpenStack's Live-migration feature (stream below - image and information security)
- What type of database system is used in OpenStack to store the VM instances or container images? (Glance & Keystone at the OpenStack layer - something else entirely at the Kubernetes layer)
- Are we investigating how securely the database is accessed to retrieve the images? (depends on interest in the above)
- Investigate different database engines such as RDBMSs (availability and consistency) and DynamoDB (availability and portability).
- Investigate providing high availability and replication between multiple instances of the database engine by deploying a Galera cluster for the database.
- Kerberos authentication as an external authentication method to provide tickets for the service requested by the user
- Can Kerberos authentication be implemented using single sign-on, i.e. using an external authentication service that acts as a central database for the edge clouds, to mutually authenticate two edge clouds before the container image is transferred?
- Generate Kerberos tokens using Fernet tokens (non-persistent)
- Can we use ADFS as the external authentication method?
- Implement signing of images for integrity checks
- Using Castellan as a key manager
- Possibility of using another key manager
- The network topology needs to be designed to understand the data flow
- Test cloud performance and benchmark using different mechanisms such as OpenStack Rally and Yardstick. Tests include:
  - Latency and packet delay
  - Scaling performance
  - How different deployments affect the OS performance
  - Performance of basic cloud operations
  - Availability
  - Robustness and security measurements
- Investigate different containers. Compare characteristics such as the trade-off between performance and security
  - Linux containers (LXC)
  - Docker containers
  - Kata containers
- Understand what RedHat's OpenShift is capable of when built on top of OpenStack.
- Automate build, deployment and management of applications
- Hide underlying layer
- Increase integrity by supporting different solutions and technologies
- Check the possibility of implementing verifiable chains of trust (DNSSEC) to trust the different edge nodes
- TLS communication
- Investigate the issue with containers caused by limited flexibility in operating systems. Running containers on different operating systems such as Windows.
  - What is the performance drop caused by running a minimal Linux core and deploying the containers on top of that?
  - Compare this with Windows Containers introduced in Windows 10 and Windows Server 2016.
- Investigate different message queuing protocols such as RabbitMQ and Qpid
- Kubernetes federation (alpha version) helps keep the cluster highly available and portable: https://kubernetes.io/docs/concepts/cluster-administration/federation/
  - Understand its capabilities and experiment with migrating applications across clusters → avoiding provider lock-in
  - Take a look at federation v2 (prototype), which does not rely on the Kubernetes API but has its own dedicated one: https://github.com/kubernetes-sigs/federation-v2
- Cloud abstraction libraries provide a unified API for accessing different vendors, reducing vendor lock-in. These could provide us with useful features.
- Transfer container images from one cloud to another. For the transfer there needs to be trust among the edge nodes, so federation will be needed.
- The OpenStack cloud will work as a central database, so single sign-on can be implemented?
- For the images to be trusted by the other node they are transferred to, the images should be signed by the edge cloud before sending them.
- Investigate a high-availability load balancer such as HAProxy: https://en.wikipedia.org/wiki/HAProxy
- Investigate a high-availability resource manager such as Linux Pacemaker. Check: https://docs.openstack.org/ha-guide
Nice to do:
- Compare OpenStack with other technologies and identify benefits and drawbacks for our project
  - CloudStack
  - OpenNebula
  - Eucalyptus (only AWS-compatible private clouds?)