A Virtual Private Cloud (VPC) is a virtual cloud over the cloud. The resources and infrastructure are shared with other VPC users, but each user feels as if the resources are private to them.
As per Wikipedia, the resources are allocated among the VPC users through mechanisms such as a VLAN or a set of encrypted communication channels.
Is Project equivalent to VPC?
IMO, it's equivalent in a limited way. A Project/Tenant Owner can create network resources specific to them, but the following are limitations:
- Cannot manage other users within the VPC
- Cannot isolate user resources. They are all shared across other users of that Project.
In addition to the above, asking the following questions points us to a solution:
Why would any enterprise want to share its private user list with a public Cloud Service Provider?
Why would any Cloud Service Provider want to manage the minor administrative tasks of a VPC user?
It must be a one-time effort for a Cloud Service Provider: create a VPC, allocate resources, create a VPC Admin, and hand off.
What is needed?
Keystone in OpenStack needs some changes. A new level of admin user for the VPC must be created.
The public cloud is managed by the Service Provider (SP) Admin.
The SP Admin can create new VPCs, manage VPC Admins, and allocate resources to each VPC.
The VPC Admin can create new projects within the VPC, manage the resources allocated to the VPC, and manage the users of the VPC.
Thus, a VPC would have the full set of cloud features under the control of the VPC Admin, and the SP Admin need not intervene in the management of the VPC cloud.
Keystone needs to define the VPC Admin as:
- Admin to all resources within the VPC
- Admin who can manage users within the VPC
- Admin who can manage (create/delete/update) new projects in the VPC
All OpenStack services must create a new set of policies for the VPC Admin.
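The three-tier model proposed above can be written down as a default-deny scope check. This is an added sketch, not Keystone or OpenStack policy code; the role names, target kinds, and the `Actor`/`Target`/`is_allowed` names are hypothetical, and keeping the SP Admin out of VPC internals is an assumption drawn from the questions raised earlier.

```python
from dataclasses import dataclass
from typing import Optional
# Hypothetical role names for the three tiers described in the post.
SP_ADMIN, VPC_ADMIN, MEMBER = "sp_admin", "vpc_admin", "member"

@dataclass(frozen=True)
class Actor:
    name: str
    role: str
    vpc: Optional[str] = None      # None for the SP Admin, who sits above all VPCs
    project: Optional[str] = None  # set only for ordinary project users

@dataclass(frozen=True)
class Target:
    kind: str                      # what is being created/updated/deleted
    vpc: str                       # VPC that owns (or is) the target
    project: Optional[str] = None

# Target kinds each admin tier manages (constructed labels, not Keystone's).
SP_ADMIN_KINDS = {"vpc", "vpc_admin", "vpc_allocation"}
VPC_ADMIN_KINDS = {"project", "user", "resource"}

def is_allowed(actor: Actor, target: Target) -> bool:
    """Default-deny: check the role tier first, then the scope."""
    if actor.role == SP_ADMIN:
        # Assumption: the SP Admin is kept out of VPC internals, so the
        # enterprise's user list is never managed by the provider.
        return target.kind in SP_ADMIN_KINDS
    if actor.role == VPC_ADMIN:
        # Admin over projects, users and resources, but only in its own VPC.
        return target.kind in VPC_ADMIN_KINDS and target.vpc == actor.vpc
    if actor.role == MEMBER:
        # Project users reach only resources of their own project.
        return (target.kind == "resource" and target.vpc == actor.vpc
                and target.project == actor.project)
    return False

def demo() -> dict:
    # Constructed actors and targets; returns {check name: allowed?}.
    sp = Actor("sp-root", SP_ADMIN)
    va = Actor("acme-admin", VPC_ADMIN, vpc="vpc-acme")
    dev = Actor("dev1", MEMBER, vpc="vpc-acme", project="web")
    return {
        "sp creates vpc": is_allowed(sp, Target("vpc", "vpc-acme")),
        "sp edits vpc user": is_allowed(sp, Target("user", "vpc-acme")),
        "vpc admin creates project": is_allowed(va, Target("project", "vpc-acme", "web")),
        "vpc admin in other vpc": is_allowed(va, Target("user", "vpc-other")),
        "member other project": is_allowed(dev, Target("resource", "vpc-acme", "db")),
    }
```

The cross-VPC and cross-project cases are the ones each service's policy would have to deny; a role check without the scope comparison would let a VPC Admin act on another tenant's VPC.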
Comments
I welcome comments and suggestions to define a VPC model for OpenStack.