Concepts
The IaaS (Infrastructure as a Service) offering from Cloud Temple is designed to meet the critical requirements for business continuity and disaster recovery, with a particular focus on demanding sectors such as industry, banking, and insurance. Built on cutting-edge technologies, this infrastructure ensures maximum availability and optimal performance for your critical workloads.
A trusted technology platform
The Cloud Temple IaaS platform is built on internationally recognized technology partners:
- Compute: CISCO UCS.
- Storage: IBM Spectrum Virtualize, IBM FlashSystem for block storage, and DELL ECS for object storage.
- Networking: JUNIPER.
- Virtualization: Open source stack, providing a reliable and proven foundation for managing your cloud environments.
This architecture is based on the VersaStack model, a collaboration between Cisco and IBM, ensuring broad compatibility with major software vendors.
A dedicated and automated infrastructure
Although fully automated via APIs and a Terraform provider, Cloud Temple's IaaS offering provides a unique infrastructure:
- Dedicated resources: Compute blades, storage volumes, and software stacks (virtualization, backup, firewalling, etc.) are never shared among clients.
- Maximum predictability: You have full control over virtualization rates, storage IOPS load, and benefit from clear, consumption-based monthly billing.
The platform is certified SecNumCloud by the ANSSI, ensuring a high level of automation and security.
Hauptfunktionen
- Dedicated und on-demand Rechenressourcen (CPU, RAM).
- On-demand Speicher (mehrere Klassen verfügbar).
- Netzwerkressourcen (Internet, private Netzwerke).
- Kreuzsicherungen mit konfigurierbarer Aufbewahrungszeit.
- Asynchrone Replikation für Speicher oder virtuelle Maschinen.
- Steuerung über die Console oder im Infrastructure-as-Code-Modus über APIs und den Terraform-Provider.
Vorteile
| Vorteil | Beschreibung |
|---|---|
| Digitale Vertrauenswürdigkeit | Speicherung von Daten in Frankreich und Einhaltung der DSGVO. |
| Sicherheit | Hochsichere Plattform, zertifiziert SecNumCloud, HDS (Hospizierung sensibler Gesundheitsdaten), ISO 27001 und ISAE 3402 Typ II. |
| Hohe Verfügbarkeit | Plattformverfügbarkeit von 99,99 %, monatlich gemessen, inklusive Wartungszeiträume. |
| Resilienz | Implementierung von Kontinuitäts- oder Wiederherstellungsplänen je nach Bedarf. |
| Automatisierung | Vollständig automatisierte Plattform, entwickelt für die Integration in ein digitales Transformationsprogramm. |
| On-Demand | Ressourcen sind nach Bedarf verfügbar. |
Regions and Availability Zones
The OpenIaaS product is deployed within an availability zone.
An availability zone is part of a region.
This deployment model allows you to select the location of clusters and distribute them across different availability zones (AZ).
This provides better load distribution, maximizes redundancy, and facilitates the implementation of a disaster recovery plan (DRP) in the event of an incident.
Compute Blade Classes
The available compute blades for the Bare Metal offering provide a range of performance options to meet diverse requirements:
| Reference | RAM (1) | Frequency (2) | Number of Cores / Threads | Connectivity (3) | GPU (4) |
|---|---|---|---|---|---|
| ECO | 384 GB | 2.20/3.0 GHz (Silver 4114 or equivalent) | 20 / 40 threads | 2 × 10 Gbit/s | - |
| STANDARD | 384 GB | 2.40/3.4 GHz (Silver 4314 or equivalent) | 32 / 64 threads | 2 × 25 Gbit/s | - |
| ADVANCE | 768 GB | 2.80/3.5 GHz (Gold 6342 or equivalent) | 48 / 96 threads | 2 × 25 Gbit/s | - |
| PERFORMANCE 1 | 384 GB | 3.20/3.6 GHz (Xeon E-53I5Y or equivalent) | 16 / 32 threads | 2 × 25 Gbit/s | - |
| PERFORMANCE 2 | 768 GB | 3.00/3.6 GHz (Gold 6354 or equivalent) | 36 / 72 threads | 2 × 25 Gbit/s | - |
| PERFORMANCE 3 | 1536 GB | 2.60/3.5 GHz (Gold 6348 or equivalent) | 56 / 112 threads | 2 × 25 Gbit/s | - |
| PERFORMANCE 4 | 512 GB | 2.50/4.1 GHz (Intel 6426Y or equivalent) | 32 / 64 threads | 2 × 25 Gbit/s | 2 × NVIDIA L40S 48GB |
Notes
- (1) The amount of memory is the physically available memory on the blades and cannot be modified.
- (2) The frequencies listed correspond to the minimum base frequency and the turbo frequency.
- (3) Physical connectivity is shared for network access and block storage access, thanks to a converged Cisco UCS architecture.
- (4) Available GPUs evolve with the latest technologies. As of May 1, 2024, the offering includes NVIDIA LOVELACE L40S GPUs.
- (5) High availability on a cluster is available only with a minimum of 2 nodes.
Infrastructure availability is guaranteed at 99.9%, measured monthly, including maintenance windows. Any SLA-related request must be reported via an incident ticket.
Block Storage Classes
Distributed block storage, based on IBM Spectrum Virtualize, offers a range of performance tiers suited for various use cases:
| Reference | IOPS/To | Primary Use Case |
|---|---|---|
| FLASH - Essential | 500 | Light workloads |
| FLASH - Standard | 1500 | Standard workloads |
| FLASH - Premium | 3000 | Intensive workloads |
| FLASH - Enterprise | 7500 | Critical workloads |
| FLASH - Ultra | 15000 | Ultra-intensive workloads |
| MASS STORAGE - Archival | Not applicable | Cost-effective storage for archival |
Features
- Technology: Flash NVMe with Distributed RAID 6 for enhanced resilience.
- Availability: 99.99%, measured monthly.
- Restrictions: No limits on reads or writes. No automatic compression or deduplication, ensuring full utilization of allocated volumes.
Storage Block Security and Encryption
To ensure the confidentiality of your data at rest, our entire block storage infrastructure integrates a robust hardware-based encryption.
- Encryption Type: Data is encrypted directly on the disks (
Data At Rest) using the XTS-AES 256 algorithm. - Compliance: This encryption method complies with the FIPS 140-2 standard, ensuring a high level of validated security.
- Operation: Encryption is applied at the time data is written to the physical storage medium.
It is important to note that this encryption protects data stored on disks. It is not active "on-the-fly," meaning data is not encrypted during storage replication operations between availability zones. Security of transfers is ensured through dedicated and secure communication channels.
Networks
The OpenIaaS product is compatible with private networks and internet access.
Two types of networks are available from the virtual machine configuration.
VLAN networks
VLAN networks must be deployed at a rate of one VLAN per network interface card. If you want to use multiple networks, simply create multiple network interface cards.
A limitation exists regarding the maximum number of network cards that can be created on a VM, which is 7.
VLAN Trunk
When you need to propagate more than 7 VLANs, you must use a VLAN Trunk.
The VLAN Trunk allows all your VLANs to pass through a single network interface. VLAN ID configuration must be performed via virtual VLAN interfaces from the VM's operating system. The VLAN IDs are the same as those present and visible from the console.
Virtual Machine Backup
Cloud Temple offers a native, non-disruptive distributed backup architecture, a mandatory requirement for French SecNumCloud certification.
Backups are stored on the SecNumCloud-certified Object Storage solution, ensuring optimal protection in the event of a major failure at the production datacenter. This approach enables data restoration on a secondary datacenter, even in critical incidents such as fires.
This comprehensive solution includes:
- Hot off-site backup of all virtual disks
- Flexible recovery options allowing selection of both recovery point and location
The backup infrastructure is based on an open-source, agentless architecture, combining ease of use with automated processes. This solution optimizes storage space utilization while maintaining high performance.
Backup and restore speeds depend on the rate of change within the environments. Backup policies are fully configurable per virtual machine via the Cloud Temple Console.
Important note:
Some virtual machines are not compatible with this backup technology, which relies on the hypervisor's snapshot mechanisms. This typically applies to machines with constant disk write workloads. In such cases, the hypervisor cannot complete the snapshot, requiring the virtual machine to be frozen to finalize the operation. This freeze can last several hours and cannot be interrupted.
The recommended solution is then to exclude the disk subject to continuous writes and back up the data using an alternative method.
| Reference | Unit | SKU |
|---|---|---|
| BACKUP - Service access | 1 VM | csp:(region):openiaas:backup:vm:v1 |
Creating a backup policy
To create a new backup policy, a request must be submitted to support, accessible via the buoy icon located in the top right corner of the interface.
Creating a new backup policy is done through a service request specifying:
- Your Organization's name
- Contact details (email and phone number) to finalize the configuration
- The tenant name
- The backup policy name
- Desired characteristics (x days, y weeks, z months, ...)
Virtual Machines
vCPU Resource Management
vCPU resource modifications are performed while the machine is powered off (cold). The platform supports up to 254 vCPUs per virtual machine (theoretical limit), with successful tests conducted on Linux VMs equipped with 128 vCPUs.
It is important to note that guest operating system support is a determining factor when allocating resources. Allocating resources beyond the limits supported by the guest operating system may result in significant performance issues.
Memory Resource Management
Memory modifications are also performed cold. The following limits apply:
- 1.5 TiB with memory snapshot support
- 8 TiB without memory snapshot support
- 16 TiB (theoretical maximum, without security support, minus RAM allocated to Xen and the control domain)
The actual usable memory may be limited by the guest operating system. Exceeding the limits supported by the guest OS can result in performance degradation.
Disk Management
- The maximum size of a disk is 2 TB
- Disks use the standard VHD format
- The maximum number of virtual disks per virtual machine, including CD-ROM drives, is 24
It is not possible to resize disks after they have been created. To increase storage capacity, a new disk must be created.
Tools for Virtual Machines
These tools are used to ensure optimal operation of virtual machines. When you wish to perform an action requiring one of these tools, a message will appear on the Cloud Temple console.
To install these tools, you can consult the official Xen Server websites to obtain precise instructions based on your OS.
Management Agent
The Management Agent is a component installed on each virtual machine. It enables the hypervisor to better manage the machine by providing access to more information and allows certain actions to be performed more cleanly.
PV Treiber (Paravirtualisierungstreiber)
Die PV-Treiber sind Treiber, die in der virtuellen Maschine installiert werden, um deren Leistung zu verbessern.
Ohne diese Treiber funktioniert die Maschine zwar, ist aber langsamer. Außerdem ermöglichen sie erweiterte Funktionen.
Die PV-Treiber sind in der Regel nativ in den meisten aktuellen Linux-Kernen enthalten.
Tools
Tools sind eine Reihe von Softwarekomponenten, die die Integration der virtuellen Maschine mit der Virtualisierungsinfrastruktur verbessern.
Catalogs
The catalog allows you to manage three essential types of items:
- Disk images (ISO)
- Configuration templates
- Pre-installed virtual machine templates
In the detailed view of a virtual machine template, you can review crucial information such as location, number of disks, and number of network adapters.
When the number of virtual disks is listed as 0, this indicates a configuration template without a preinstalled operating system, allowing you to deploy your own customized environment.
Virtual Machine Replication
The Virtual Machine Replication feature of Cloud Temple ensures the protection and continuity of your critical data by automatically creating copies of your environments in a separate availability zone. This functionality, natively integrated into the Open Source IaaS offering, meets the most stringent requirements for business continuity and disaster recovery.
Automated and Secure Protection
Cloud Temple replication is based on a SecNumCloud-certified infrastructure, ensuring:
- Asynchronous replication: Continuous copying of your virtual machines without impacting production performance
- Geographic separation: Replicas stored in a different availability zone than the source
- Full automation: Fully automated process via the Cloud Temple Console
- Regulatory compliance: Adherence to backup and business continuity requirements
Benefits of Replication
| Benefit | Description |
|---|---|
| Business Continuity | Protection of your critical services in the event of a major incident at the primary site. |
| Geographic Protection | Replication to a distinct availability zone, safeguarding against localized disasters. |
| Temporal Flexibility | Choice of replication interval according to your needs: from 1 minute to 24 hours. |
| Ease of Management | Configuration and monitoring fully integrated into the Cloud Temple Console. |
| SecNumCloud Compliance | Qualified infrastructure ensuring the highest level of security for your sensitive data. |
Replication configuration
Replication Policies
Creating a replication policy defines the protection settings for your virtual machines:
- Destination: Selection of the target storage within the replication availability zone
- Frequency: Replication interval tailored to your recovery point objective (RPO) requirements
- Retention: Number of recovery points to retain
Verfügbare Intervalle
| Intervall | Empfehlung für den Einsatz | RPO (maximale Datenverlustgrenze) |
|---|---|---|
| 1 bis 59 Minuten | Kritische Echtzeit-Anwendungen | < 1 Stunde |
| 1 bis 24 Stunden | Geschäftsanwendungen und Standardumgebungen | < 24 Stunden |
Association of Virtual Machines
After creating the policy, you can associate your virtual machines to protect:
- Single selection: Select VMs from the Console interface
- Automatic validation: Compatibility and prerequisites verification
- Immediate activation: Automatic start of replication after configuration
Replica Management
Policy Overview
The Cloud Temple Console provides a centralized view of your replication policies with:
- Name and frequency of each policy
- Destination availability zone
- Associated pool and storage
- Available management actions
Replica Overview
The replica table allows you to visualize:
- Names of replicated virtual machines
- Source and target locations
- Associated replication policy
- Export of data in CSV format
Best Practices
Recommendations by workload type
- Critical applications: Replication every 1–30 minutes to minimize data loss
- Business applications: Hourly or bi-hourly replication depending on requirements
- Development environments: Daily replication typically sufficient
Policy Planning
- Create distinct policies according to the criticality of your applications
- Clearly name your policies to facilitate management
- Regularly check the status of your replicas via the console
- Document your replication strategy for your teams
Important Note:
Replication does not replace a full backup strategy. It serves as an essential complement to ensure business continuity in the event of a major incident at your primary site.
Hochverfügbarkeit
Die Hochverfügbarkeit stellt die kontinuierliche Dienstverfügbarkeit virtueller Maschinen (VMs) sicher, falls ein physischer Host innerhalb eines OpenIaaS-Pools ausfällt.
Mit der Hochverfügbarkeit (HA) sendet jeder Host im Pool regelmäßig Lebenszeichen an seine Partner über den gemeinsam genutzten Speicher (Block Storage Heartbeat). Falls über einen längeren Zeitraum keine Antwort mehr erfolgt, wird der Host als ausgefallen betrachtet.
Ein als Heartbeat vorgesehener Block-Speicher bedeutet, dass er als Grundlage zur Authentifizierung von Hosts dient, die nicht mehr antworten.
Damit die Hochverfügbarkeit in einem OpenIaaS-Pool korrekt konfiguriert werden kann, ist es unbedingt erforderlich, über mindestens zwei Hosts zu verfügen, die miteinander verbunden sind.
Jede VM muss mit einer Priorität für den Neustart im Rahmen der Hochverfügbarkeit konfiguriert werden:
Disabled
High availability is not configured. In the event of host failure, the virtual machine will not be restarted.
Restart
In case of host failure, the virtual machine will be automatically restarted as soon as resources become available in the pool. Virtual machines configured in "restart" mode are prioritized over those configured in "best-effort" mode.
Best-Effort
In the event of host failure, the virtual machine will be automatically restarted only if resources remain available after processing all virtual machines configured in "restart" mode. The "Best-effort" mode performs only a single attempt; therefore, if resources are insufficient, the virtual machine will not be restarted.