Nicira + Opscode Chef: The Journey to an OpenStack Cloud

Nicira and Opscode partnered to build an OpenStack cloud at VMware. In this webinar we’ll have the opportunity to get some insight about it. It allows their team to build location-independent labs in 50 seconds, provisioned from a self-service portal. Principal drivers: cost, agility and speed.

Operational efficiency and business velocity were going down due to the inherent complexity of their infrastructure, but after the implementation of cloud automation tricks the trend reversed.

Duffie and Tim work at Nicira. Duffie is a network and system administrator who previously worked at Juniper; the majority of his time was spent responding to infrastructure issues and R&D requests. He was the one person to go through for anything to happen. He then became a Cloud Architect and is now a hero to R&D; he believes it was his best career move. He now cares about delivering a service to the R&D team.

Tim is the R&D build manager, with plenty of physical servers under his desk; after the cloud he is now called “Server Hugger”. He needed isolation, security, performance, reliability and availability, which is exactly what Nicira NVP offers. He was actually able to become a lover of the cloud. His build capability has gone way up, and he is much faster at doing builds now.

Major components :

There is currently a lot of confusion in the SDN space. Nicira creates a complete network construct in software that supports both physical and virtual workloads, completely decoupled.

  • Non Disruptive deployment
  • Decoupled from topology
  • Hardware independence
  • Backwards compatibility

SDN is not Network Virtualization: SDN looks at the different table space within the networking devices, while Network Virtualization decouples virtual networking from the physical one.

Distributed forwarding state is already well handled, but the issues come from manual configuration state like VLANs, ACLs, …

Network Virtualization creates an abstraction that leaves the physical network to do what it does best: forwarding packets. Nicira does to the network what VMware has done to compute.

To give you an example, Rackspace currently has 65.000 logical ports in production.

Chef - Automation

Stathy Toulomis, Solutions Architect at Opscode, presented a high-level overview of Chef.

Operation complexity, why Chef becomes more pervasive

Chef is an automation platform for developers & systems engineers to continuously define, build and manage infrastructures. Chef uses Recipes and Cookbooks that describe infrastructure as code.

Chef enables people to easily build & manage complex & dynamic applications at massive scale. The goal is to reconstruct the business from code and backups.

Infrastructure as code

  • A configuration management system (DSL)
  • A library for configuration management
  • A community, contributing to library and expertise
  • A systems integration platform (API)

Recipes are a collection of resources like Networking, Files, Directories, Symlinks, Mounts, …

Cookbooks contain recipes in logical groupings; hundreds are already available on the Opscode Community.

As you can see in the following line, by searching you can easily and dynamically configure a load balancer pool.

pool_members = search('node','role:webserver')
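An added example, not code from the webinar or from Opscode: search results are built from data the nodes report about themselves, so it is worth checking environment, name and address before writing them into a load balancer configuration. The sample nodes, the 10.20.0.0/24 subnet, the helper names and the HAProxy-style output lines are assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed sample standing in for search('node', 'role:webserver') results.
# In a recipe the same hashes could be built with:
#   search(:node, 'role:webserver').map { |n|
#     { 'name' => n.name, 'ipaddress' => n['ipaddress'],
#       'chef_environment' => n.chef_environment } }
SAMPLE_NODES = [
  { 'name' => 'web1',    'ipaddress' => '10.20.0.11', 'chef_environment' => 'production' },
  { 'name' => 'web2',    'ipaddress' => '10.20.0.12', 'chef_environment' => 'production' },
  { 'name' => 'web-dev', 'ipaddress' => '10.20.0.50', 'chef_environment' => 'dev' },
  { 'name' => 'odd1',    'ipaddress' => '192.0.2.7',  'chef_environment' => 'production' },
  { 'name' => 'odd2',    'ipaddress' => 'not-an-ip',  'chef_environment' => 'production' },
  { 'name' => 'noip',    'ipaddress' => nil,          'chef_environment' => 'production' }
].freeze

IPV4      = /\A\d{1,3}(\.\d{1,3}){3}\z/  # dotted quad only, no prefix length
SAFE_NAME = /\A[A-Za-z0-9._-]+\z/        # nothing that could break a config line

# Hypothetical helper: true only for nodes in the expected environment whose
# name is safe to template and whose address lies inside the expected subnet.
def valid_member?(n, environment, subnet)
  ip = n['ipaddress']
  return false unless n['chef_environment'] == environment
  return false unless n['name'].is_a?(String) && n['name'].match?(SAFE_NAME)
  return false unless ip.is_a?(String) && ip.match?(IPV4)
  subnet.include?(IPAddr.new(ip))
rescue ArgumentError # IPAddr rejects out-of-range octets such as 999.1.1.1
  false
end

# Hypothetical helper: returns the backend lines for the validated members,
# sorted so the rendered file only changes when pool membership changes.
def pool_lines(nodes, environment:, cidr:, port: 80)
  subnet = IPAddr.new(cidr)
  nodes.select { |n| valid_member?(n, environment, subnet) }
       .sort_by { |n| n['name'] }
       .map { |n| "server #{n['name']} #{n['ipaddress']}:#{port} check" }
end

if __FILE__ == $PROGRAM_NAME
  puts pool_lines(SAMPLE_NODES, environment: 'production', cidr: '10.20.0.0/24')
end
```

Nodes dropped by the filter are worth logging, since an unexpected address or environment in a search result usually points at a misregistered or misconfigured node.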

Nicira OpenStack Cloud demo

Nicira wrote a custom interface that talks to the OpenStack API. It enables them to deploy many VM instances from a self-service portal. Users can be part of multiple projects.

Deploy a server

Within a few seconds you can get a running virtual server.


OpenStack provides iSCSI volumes as a service.

Network Tabs

Nicira enables you to create an unlimited number of virtual networks.


It couldn’t be easier to create a new network.

When you deploy a new virtual machine, you can connect it to this newly created network. You never have to call anybody in the networking team; it’s all done automatically through the self-service portal.

Security Profile

You can configure ACLs to control traffic to your VMs.

You can also apply a security profile to a network without picking up the phone to call the security team; it’s all on demand.


The Nicira cloud is used for training and onboarding new employees by packaging an overall environment containing multiple VMs, so that employees can deploy a training lab in a single click.

As you can see below, the lab is now in a provisioning state.


Used to build up the infrastructure, bootstrapping a new node can now be done without user interaction and without any human errors. The monitoring of the platform is possible with Ganglia.


Which hypervisor is currently used at Nicira?

KVM is used as the underlying hypervisor, but VMware will be supported soon.

What relationship exists between OpenStack, Nicira and Opscode?

There is no tight integration between Opscode, Nicira, OpenStack or CloudStack, but integration is possible via Quantum in the OpenStack world.

Which cloud management platforms are supported?

Nicira NVP is independent from the cloud management platform. Nicira exposes an API that can be used by any cloud management platform.

How does a newly deployed VM know which recipe to apply?

Nicira uses Chef to build the physical infrastructure; right now the VMs themselves aren’t using Chef yet.

What’s required in the physical networking world for Nicira to work?

IP connectivity only.

How does Chef differ from other tools like Atrium Orchestrator, Palets?

Chef has an intimate understanding of the platform that it needs to configure; it’s not a process modeling tool.

Which virtual switches are supported?

Cisco 1000V isn’t supported, but VMware VDS and OpenSwitch are supported.


To get more information about Nicira or OpsCode :