Virtualization Overview

SCM builds on top of the OpenStack Infrastructure-as-a-Service (IaaS) framework. OpenStack can be configured in many different ways; what follows describes how SCM configures it for its own needs.

OpenStack is configured to use the kernel-based virtual machine (KVM) hypervisor for virtualization. Each VM's physical compute properties (boot disk size, number of CPU cores, and amount of random-access memory (RAM)) are set by an OpenStack flavor; flavors are exposed via SCM as server-instance types.

Ceph storage is used to store disk images for OpenStack Glance. These images are raw-format disk images that an administrator has uploaded into Glance; each contains a full operating system (OS) installation and potentially additional pre-installed packages. When a new VM is created, its boot disk is created by cloning the disk image from Glance into Cinder, OpenStack's block storage service. Since both Cinder and Glance are configured to use Ceph, this disk cloning can take place using space-efficient copy-on-write (COW) techniques, meaning that new VM disks take up very little space. New storage space is consumed only as files are written and the disk contents diverge from the clone parent.

Each VM gets its private IP address via dynamic host configuration protocol (DHCP). The only IP addresses visible from inside a VM belong to private networks. For external users to access a VM (e.g. via SSH), an IP address is checked out from a pool of public IP addresses. This "floating IP" address is bound to the VM by OpenStack. OpenStack networking then uses NAT to accept incoming traffic for the public IP address and forward it to the VM's private IP address. A set of security group rules filters inbound traffic.
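As an added example, not part of the SCM or OpenStack documentation, the following Python models how a security group's allow-list decides whether an inbound flow reaching the VM through the floating IP is admitted, and adds the audit check a defender wants: flagging ingress rules open to any source on every port. The rule dictionaries use the field names of the Neutron security-group-rule API; the ruleset itself is constructed for illustration.

```python
import ipaddress

# Constructed sample ruleset in the field layout used by the Neutron API
# (direction, ethertype, protocol, port_range_min/max, remote_ip_prefix).
# Illustrative only; not SCM's actual rules.
SAMPLE_RULES = [
    {"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.0/24"},
    {"direction": "ingress", "ethertype": "IPv4", "protocol": "icmp",
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "ingress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"direction": "egress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
]

def rule_matches(rule, src_ip, protocol, port):
    """True if an inbound flow (source IP, protocol, destination port) matches this rule."""
    if rule["direction"] != "ingress":
        return False
    src = ipaddress.ip_address(src_ip)
    if src.version != (4 if rule["ethertype"] == "IPv4" else 6):
        return False
    if rule["protocol"] is not None and rule["protocol"] != protocol:
        return False
    prefix = rule["remote_ip_prefix"]
    if prefix is not None and src not in ipaddress.ip_network(prefix):
        return False
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    if lo is not None and (port is None or not lo <= port <= hi):
        return False
    return True

def is_allowed(rules, src_ip, protocol, port=None):
    """Security groups are allow-lists: a flow is admitted only if some rule matches."""
    return any(rule_matches(r, src_ip, protocol, port) for r in rules)

def wide_open_ingress(rules):
    """Audit check: ingress rules admitting any source on every port (tcp, udp or all)."""
    flagged = []
    for r in rules:
        if r["direction"] != "ingress":
            continue
        any_source = r["remote_ip_prefix"] in (None, "0.0.0.0/0", "::/0")
        all_ports = r["port_range_min"] is None
        if any_source and all_ports and r["protocol"] in (None, "tcp", "udp"):
            flagged.append(r)
    return flagged
```

With the constructed ruleset, SSH from the listed prefix is admitted, SSH from elsewhere is admitted only because of the third, wide-open rule, and that rule is the one the audit flags.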