One of Australia’s leading technology providers (who’s name we can’t mention due to security reasons) needed a secure multi-region private cloud to store their private data. We deployed a global cluster of OpenStack Swift Clouds, providing an even more secure storage solution for their data. Data sovereignty is just one reason to use a private cloud – it is important to utilise the flexibility and efficiency of cloud technology whilst at the same time protecting your data and keeping any sensitive information private.
Due to the highly sensitive nature of this customers data, they need a private cloud to keep this data secure. Previously, they had used a single-region standalone Swift deployment where all data was stored in the one data center. They now need a multi-region Swift deployment integrated with OpenStack Identity service, which also has the potential to expand to other OpenStack services.
The Aptira Solution
We love Swift! Aptira’s Solutionauts have loads of experience implementing Swift for our customers in Australia and across the APAC region, so when this project came along we already had a head start.
We proposed a containerised OpenStack solution deployed using Kolla-Ansible. The solution consists of a highly tailored OpenStack Pike deployment, however only keystone, horizon and Swift were deployed at the initial stage.
Swift was setup as a global cluster in two regions, with objects first written to the local region, then replicated to the second region. Swift endpoints were put behind their existing load balancers and a local Docker registry was setup to speed up the deployment.
We ran into a bug in Kolla the images – rysnc was not installed, resulting in failure of the cross-region replication. Not only do we love Swift – we love a challenge! We patched the images in their private Docker registry, swiftly removing the bug and reporting it upstream 😉
Aptira deployed our proposed solution into production – an OpenStack Cloud running swift in two datacenters as a global cluster and each datacenter as a separate region. Read/Write affinity has been enabled to allow for a replica to be written to the local DC before being replicated to the second DC, and this entire deployment has been automated by a customized and patched Kolla-Ansible solution.
Not only did this solution meet all their requirements and pass their acceptance test – their highly sensitive data is now stored more securely than their previous single-region standalone Swift deployment.