Network

It the diagram above, there are multiple subnets to separate packets in different tiers. But as mentioned in Part 2, you don't necessarily have to emulate the same network architecture in the cloud. You can use a single subnet for all tiers, and the packet separation can be achieved with Security Groups. By following this option, you could have the following simple network design. There is just a single subnet in each Region.

VM instance

In many cases, you would deploy all servers (Load Balancer, Web Server, Web Application Server and Database Server) as VM instances. Even though OpenStack provides a LBaaS (Load Balancer as a Service) feature, you need some 3rd party proprietary plugins for production use. The standard opensource plugin is provided as a sample implementation and not ready for production at the time of writing.

Security Group

Security Group defines a set of firewall rules according to server roles. In this configuration, you need to define the following groups according to four server roles (Load Balancer, Web Server, Web Application Server, Database Server).

The packet source can be specified with a subnet range or a name of Security Group. "Management Subnet" stands for a subnet range from which sysadmins login to the guest OS for maintenance. We assume that client SSL is terminated at Load Balancer, and it communicates to Web Servers with HTTPS. Web Servers communicate to Web Applications Servers with TCP8080. MySQL is used for Database Server.

After defining these Security Groups, you will assign them to each instance as below.

Cinder Volume

As described in Part 3, there are two options, Ephemeral Disk and Cinder Volume, for instance attached disks. Since Cinder Volume is required to store persistent application data, you need to attach a Cinder Volume to Database Server as a data volume.

Object Storage

To realize the redundancy across data centers, you need to replicate the database between two Regions. Though you can use the replication mechanism of MySQL in theory, it may not be a realistic option considering the limited network bandwidth between data centers in general. The safe option is to take a periodical database backup into the object storage. When you need to failover the service to another Region, you would restore the most recent data to Database Server in another Region. This means you use two Regions with the active-backup configuration.

Considerations on Failover Operation

As mentioned above, you need to restore the most recent data from the backup stored in the object storage. The object storage system should also be deployed across data centers in a redundant manner for this purpose.

You also need to take care of the global IP change. Since you cannot use the same global IP in different Regions, you need to use some additional mechanism such as Dynamic DNS so that clients can access the service with the same URL.

Network

You just define a single subnet in the Region which covers multiple Zones transparently.

VM Instance

You deploy Web Servers and Web Application Servers as VM instances. You can use managed services for other functions.

Firewall Rules

Firewall rules are defined with tag names assigned to instances as destination. The source can be specified with a subnet range or tag names. In this scenario, you would need to define the following rules.

"130.211.0.0/22" is a subnet range from where Load Balancer (and health checking system) accesses Web Server. "Management Subnet" stands for a subnet range from which sysadmins login to the guest OS for maintenance.

"web-server" and "web-application" are tag names assigned to Web Server and Web Application Server respectively. Instead of assigning rules as in Security Groups, you assign a tag name to instances according to their roles.

The access control for the database connection is configured based on the source IP address in the configuration of Cloud SQL.

HTTP(S) Load Balancer

GCP provides a HTTP(S) Load Balancer service with which you can use a single global IP address (VIP) to distribute client accesses to multiple Regions and Zones. In addition, you can use the single Cloud SQL instance from multiple zones as explained later. Leveraging these features, you can use the active-active configuration across multiple Zones resulting in a redundant service across data centers.

Cloud SQL

Cloud SQL is a managed service for MySQL database which provides data replication between multiple Zones. Scheduled data backup and failover process are automated in a transparent manner. You can also access the database from multiple Zones in the same Region thanks to the high bandwidth internal network.

Considerations on Failover Operation

Using the active-active configuration described above, failover can be completely automated. Since the load balancer service provides a single global IP for all Zones, clients can keep using the same URL to access the service.

This exemplifies the fact that you can build a high availability service with a simple architecture by combining Compute Engine with appropriate managed services on GCP.

OpenStack: Ephemeral Disk and Cinder Volume

OpenStack provides two different kinds of instance attached disks, "Ephemeral Disk" and "Cinder Volume". Initially, Ephemeral Disk was intended to be used as a system disk containing operating system files whereas Cinder Volume was to store persistent application data. However, Live Migration is not available with Ephemeral Disk, people often use Cinder Volume for a system disk, too.

When you choose Ephemeral Disk for a system disk, the OS template image (managed by Glance) is cloned into the local storage of compute node, and the local image is directly attached to the instance. When you destroy the instance, the attached image is also destroyed. On the other hand, Cinder Volume provides a persistent disk area (LUN) which resides in the external storage box. In typical configuration, the disk area (LUN) is attached to the compute node using the iSCSI protocol, and attached to the instance as a virtual disk. Even when you destroy the instance, the attached volume remains in the external storage. You can reuse the volume by attaching to a new instance.

• Comparing Ephemeral Disk and Cinder Volume

Since the disk image is stored in the local storage of the compute node, Ephemeral Disk is sometimes used to achieve better storage performance. It is also possible to use multiple storage boxes with different performance characteristics for the backend device of Cinder Volume. Users can specify the preferred backend in creating a new Cinder Volume.

In addition, applications running on the instance can access the object storage provided by OpenStack Swift.

Compute Engine: Persistent Disk and Local SSD

Compute Engine provides "Persistent Disk" as a persistent storage attached to an instance which corresponds to "Cinder Volume" of OpenStack. It is used for a system disk containing operating system files, and for storing persistent application data as well. The data is automatically encrypted when it goes out of the instance to the physical storage. A single Persistent Disk can be extended up to 64TB, but the maximum total capacity of the attached disks is restricted based on the instance size.

When you need a high performance local storage, you can also use the local SSDs. By attaching eight SSDs with each of 357GB capacity, you can use 3TB of local SSDs in total. Even with local SSDs, Live Migration is available. Since the data in local SSDs are copied between instances during Live Migration, there may be a temporally decrease in storage performance though.

In addition, applications running on the instance can access the object storage provided by Cloud Storage.

Reference:

• Storage Options

OpenStack: Metadata Service

OpenStack has "Metadata Service" which provides the mechanism for retrieving instance information from the instance guest OS. By accessing the special URL under "http://169.254.169.254/latest/meta-data", you can retrieve instance information such as am instance type, security groups and assigned IP addresses. You can also add custom metadata in the "Key-Value" form.

There is also a special metadata called "user-data". If you specify a text file as uesr-data when creating a new instance, the "cloud-init" agent running in the guest OS will receive it, and do some startup configuration according to its contents. Typically, you can use a script file as user-data which will be executed by cloud-init to install application packages on startup.

OpenStack: cloud-init

The agent package called "cloud-init" is preinstalled in the standard guest OS images of OpenStack. It handles the initial configurations, at the first boot time, such as extending the root filesystem space, storing a SSH public key and executing the script provided as user-data.

Compute Engine: compute-image-packages

The agent package called "compute-image-packages" is preinstalled in the standard guest OS images of Compute Engine. It handles the initial configurations at the first boot time, and also handles dynamic system configuration while the guest OS is running.

The dynamic system configuration includes adding new SSH public keys and changing network configurations required for HTTP load balancing for example. You can generate and add a new SSH key through Cloud Console or gcloud command after launching an instance. This is done through the agent running on the guest OS as a daemon process.

As a side note, the agent uses Metadata Server for the dynamic configuration. Compute Engine's Metadata Server provides a mechanism to notify the agent about metadata updates, and the agent is triggered with the metadata updates.

Reference:

• Scripts and tools for Google Compute Engine Linux images.