Data centre services scales services, not costs
The Dutch government’s data centre in Groningen (ODC-Noord) is becoming the benchmark for all of the government’s cloud services. ODC-Noord combines the open source cloud infrastructure OpenStack with the open source storage platform Ceph. The resulting cloud service is proving enormously scalable, while keeping costs low. As a result, the list of government clients using ODC-Noord’s cloud services is growing rapidly.
ODC-Noord now has 18 central government customers, runs 1500 virtual machines, and manages 12 petabytes of storage over 400 nodes. Costs per storage node or per virtual machine in this government data centre are on a par with Amazon Web Services (AWS), Microsoft Azure and EMC² VMWare.
The Dutch government distinctly separates its approach to open source software from its policy on open standards. The use of open standards is considered self-evident. Public administrations are expected to use open standards, or else explain why they are making an exception.
For one of the main users of ODC-Noord, the schools funding body DUO, this government policy is the driver for its modernisation. DUO is a government organisation responsible for the salaries of teachers and other educational staff, plus the financing of school buildings, state examinations and student grants. In 2010, the open standards policy was the starting point for DUO’s decision to build a digital solution for school examinations.
For ODC-Noord itself, the main driver is to get rid of IT vendor lock-in. “To do that, open standards and open source are not enough”, says Fijtse Vos, the system’s IT architect. “We also needed to get a thorough understanding of OpenStack and Ceph, invest in our staff skills, and build and install our own upgrade mechanism.”
Description of target users and groups
ODC-Noord considers all government organisations to be potential users of its cloud services. However, the organisation is not allowed to provide its services to quasi-governmental organisations (Zelfstandig Bestuursorgaan, ZBO), as these institutions must be run as independently as possible.
Description of the way to implement the initiative
“The basic components for any cloud solution are storage, computing power, and networking”, ODC-Noord explains on its website. “There are many options out there, but when, like ODC-Noord you support open standards, and want to use open source, Ceph and OpenStack immediately stand out.”
The data centre began an OpenStack and Ceph pilot in September 2014. At first, the engineers struggled to get it running: they were working with borrowed hardware, and in addition had to work with a mix of controllers and network nodes. However, they learned fast, and by 2015, their cloud service was already outperforming alternatives such as AWS, Microsoft Azure and VMWare. Requirements included being able to host the software in their own data centre, no IT vendor lock-in, and the ability to respond to a wide variety of government tasks.
Scale services, not costs
In 2015, the National Archives of the Netherlands (Nationaal Archief) became interested in using the services. The National Archives is looking to grow its storage to around 100 petabytes. “When we heard that, we were very glad we had selected open source”, says Henk Bultje, one of the project managers at ODC-Noord, “Only open source allows us to scale, while keeping costs manageable.”
Other customers include the tax and customs administration and DUO, the schools funding organisation referred to above. In the Netherlands, over 1.5 million high school exams are taken online and plans are being made to move this workload to the ODC-Noord cloud infrastructure. The necessary expansion will give a enormous boost to the Dutch government’s Internet services, especially in terms of load balancing and peering. The resulting Internet services will form the foundation for a new generation of digital government.
Currently, ODC-Noord is working with the Dutch government’s judicial collection agency Centraal Justitieel Incasso Bureau (CJIB) - the organisation responsible for collecting traffic fines and coordinating imprisonment, community service orders and arrest warrants - and DUO (see above) to build a “massively scalable container platform” based on Docker and Kubernetes.
Kubernetes is an open source application used to automate the deployment, scaling and management of applications that are containerised. Containerisation, in turn, is a way to deliver applications or entire computer systems as isolated user-space instances. Containerisation makes system maintenance easier, greatly improves the portability of applications, and refines security. Docker is one of the most popular ways to create and deploy such containerised applications.
This container platform is expected to go into production in the summer of 2017, and ODC-Noord reports that many other government organisations are queuing up behind CJIB and DUO.
Over the past two years, the project team has gained extensive experience in migrating virtualised machines (VMs) from proprietary systems to its OpenStack and Ceph cloud. “We’ve built a migration engine that takes a proprietary virtual machine and translates it to OpenStack“, says IT architect Vos. ”We’ve used this numerous times now, and it’s flawless. Usually, such migrations cause all kinds of issues, but up to now we have not lost anything nor had any interruptions.” The migration engine works both ways, allowing a government customer to return to its previous solution if necessary.
Real virtual machines
Migration starts with making a copy of the VM that is running in the datacentre of the sourcing partner. The copied VM is then stripped of its management components and transferred to Groningen. ODC-Noord receives the VM, plugs it into the data centre network, and starts the automated migration process. This process converts the VM to a Linux kernel-based VM (KVM) image, inserts all the management tooling, configures the network, and boots it in the OpenStack tenant environment.
If the new VM works, the original VM is permanently switched off. If the new VM does not pass testing, the original VM can continue to run.
By 2019, all four of the Dutch government’s data centres will use OpenStack and Ceph, allowing government services to gradually reduce their dependence on proprietary virtualisation solutions.
Technology choice: Open source software
Main results, benefits and impacts
The main results include:
- huge customer satisfaction;
- high employee satisfaction; and
- high speed of innovation.
The main benefits include:
- no vendor lock-in, and hence lower costs;
- projects focus on business value instead of infrastructure; and
- customers are sharing best practices.
The main impacts are:
- the government cloud has become a reality;
- infrastructure delivery has transformed into a logistic process; and
- IT vendors have become business partners.
Return on investment
ODC-Noord does not focus on the return on investment from the OpenStack/Ceph project. However, the Ministry of Education, Culture and Science (OCW) says the project has cut costs by 30% compared to the previous solution.
The tangible advantages for the Dutch government include:
- being less dependent on a single major software vendor;
- investing in knowledge and the local economy as opposed to paying licence fees; and
- facilitating cross-department alliances to tackle common issues such as security and performance.
Return on investment: Other
Track record of sharing
The team of OpenStack and Ceph engineers at ODC-Noord are busy helping their colleagues in the other three national data centres. They are also sharing their approach with government colleagues in Austria, Denmark, Italy, Sweden and the Czech Republic, and have organised tours for banks and insurers.
ODC-Noord’s recommendations include:
- invest in knowledge, train employees, and hire the best experts;
- keep it simple, especially on the network level; and
- only buy emergency support.
On the other hand, don’t:
- buy service subscriptions based on the size of the infrastructure;
- hand over project management or high level architecture to the vendor; or
- start in an organisation that is primarily focused on proprietary software.