Cloudstack for z/VM Meeting September 1, 2017

Requirements discussion, recap, any further storage requirements?
Any questions from Alberto’s demo last week?
Intern update

Recording: https://drive.google.com/file/d/0B8Uo3_Z83yK2N1YtVEhUTkxMemc/view?usp=sharing

Attendees:
Barton, Velocity
Harry, Marist
Mike F, SUSE
Mike Mac, ADP
Neale, Sine Nomine
Rahmira, NCAT
Paul, IBM
Emily, IBM
Erich Amrehn, IBM
Len, Vicom Infinity
Martha, Marist
TR, SUSE
Amit, OMP

Intern update:
Amit talked with Rahmira and Martha, thank you! He’s looking for more customers to interview. Emily and John are still talking with the OpenStack Foundation about ways to get the interns to present at the summit.

Requirements recap:
– Group goals were defined as
---- Define reference architectures for cloud on z/VM
---- Demonstrate with a new cloud solution the advantages over manual deploys

Deploy time of under 1 minute for everything up until the guest boots

Still need to define which underlying technology is best, options so far: SMAPI, LXC, zPRO

Networking: cloud solution should manage IP addresses and divide guests between VLANs, should support an external DHCP, should support floating IPs. SDN is not a requirement.

Storage: guests need to have a root disk and an additional disk available for the life of the guest. Root disk sizes should be specifiable in cylinders (if ECKD); GB should be fine for other disks. Could support the root disk cylinder size by passing it over metadata in OpenStack.

Security requirements:

Security context:
Definitely want to have a separate security context in the cloud than on z/VM, so access to the cloud does not equal access to the z/VM system (and vice versa); maybe need a demo of Keystone. Having a guest running alongside that correlates logs from the ESM and from the cloud solution to get a full audit trail. Looking for some examples of how the logs would pull together.
TODO: Emily will try to pull together some logs from both the ESM and OpenStack to show how they would weave together.

Security of cloud deployed guests:
Defining a less-than-class-G privclass for cloud-deployed guests; not allowing root SSH (although sometimes might want to allow that); firewall on guests; more info in bash history, with LDAP ID etc., if they have root access, to get a better audit trail.

High availability/Recovery:
SUSE OpenStack Cloud has provisions for HA of the control plane. Has HA for the compute node on KVM. Challenges exist for HA of the control plane on z/VM; maybe would require having an SSI with guests defined. Has an idea of a node going into maintenance mode and control passing to another node; uses Live Guest Relocation to shift guests off to another compute node.
There is a difference between HA of the compute/controller and HA for the cloud-deployed guests. Need an idea of a tool to inventory z/VM. Mike could do a demonstration of how it looks on KVM on Intel.

Start up time requirement: discuss next week

New open source package zuess, from ADP. Includes the web UI that Mike demoed to the group in June. https://sourceforge.net/projects/system-zoom/files/