OpenStack – Identity and Networking
Keystone Identity Service in OpenStack
- Keystone is the most important and preferred Identity Service in OpenStack and implements the complete OpenStack Identity API.
- The Keystone Identity Service is responsible for user management and the service catalog. User management tracks users and their permissions, while the service catalog lists the available services along with their APIs.
- User management provides the authentication credential details of users, tenants and roles.
- Internal services like Token and Policy are also part of Keystone Identity.
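As an added illustration (not code from the original page or from the OpenStack project), the sketch below reads a Keystone v3 token response and pulls out the pieces the list above describes: the user, the roles granted, and the service catalog. The token body is a constructed sample; the host names, the `summarize_token` helper and its check for plain-HTTP endpoints are assumptions, and the v3 API calls a tenant a project.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a Keystone v3 token response body (not captured output).
SAMPLE_TOKEN = json.loads("""
{"token": {
  "expires_at": "2030-01-01T00:00:00.000000Z",
  "user": {"name": "alice", "domain": {"name": "Default"}},
  "project": {"name": "demo"},
  "roles": [{"name": "member"}, {"name": "admin"}],
  "catalog": [
    {"type": "compute", "name": "nova", "endpoints": [
      {"interface": "public", "url": "https://cloud.example.test:8774/v2.1"},
      {"interface": "admin", "url": "http://10.0.0.5:8774/v2.1"}]},
    {"type": "identity", "name": "keystone", "endpoints": [
      {"interface": "public", "url": "https://cloud.example.test:5000/v3"}]}
  ]}}
""")

def summarize_token(body, now=None):
    """Return who the token is for, what it grants, and catalog findings."""
    tok = body["token"]
    now = now or datetime.now(timezone.utc)
    # Keystone reports expiry as an ISO 8601 UTC timestamp ending in "Z".
    expires = datetime.fromisoformat(tok["expires_at"].replace("Z", "+00:00"))
    roles = sorted(r["name"] for r in tok.get("roles", []))
    endpoints = {}   # service type -> {interface: url}
    cleartext = []   # endpoints that would carry the token over plain HTTP
    for svc in tok.get("catalog", []):
        for ep in svc.get("endpoints", []):
            endpoints.setdefault(svc["type"], {})[ep["interface"]] = ep["url"]
            if ep["url"].lower().startswith("http://"):
                cleartext.append((svc["type"], ep["interface"]))
    return {
        "user": tok["user"]["name"],
        "project": tok.get("project", {}).get("name"),  # None => unscoped token
        "roles": roles,
        "expired": expires <= now,
        "endpoints": endpoints,
        "cleartext_endpoints": cleartext,
    }

if __name__ == "__main__":
    print(json.dumps(summarize_token(SAMPLE_TOKEN), indent=2))
```

A token scoped to a project with the `admin` role, or a catalog entry served over plain HTTP, is what a reviewer would look at first in this summary.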
Networking Managers in OpenStack
- Flat Network Manager: This places all VMs on a single network, using the same subnet and bridge created by the administrator. All VMs therefore share one network on which they can be interconnected.
- Flat DHCP Network Manager: Very similar to the above, except that IP addresses are assigned to the VMs via DHCP (Dynamic Host Configuration Protocol).
- VLAN: Unlike the single-network concept, VLAN gives VMs a more secure, separate network. It uses a physical switch to offer a separate virtual network, with a separate IP range and bridge, for each tenant. This is the most preferable choice for a multi-tenant/project environment.