
OpenStack is an open-source cloud computing platform designed to manage and pool compute, network, and storage resources in data centers, enabling on-demand provisioning of virtual resources through self-service interfaces and APIs. It serves as the foundation for both private and public clouds by abstracting physical hardware into virtual pools that users and applications can access programmatically.
Key Components
OpenStack operates using a modular architecture, consisting of several core and optional components:
- Nova: Manages compute resources and instance scheduling.
- Neutron: Provides software-defined networking (SDN) for cloud instances.
- Cinder: Handles block storage provisioning for persistent data.
- Swift: Offers scalable, highly-available object storage, similar to services like Amazon S3.
- Glance: Manages cloud images for instances.
- Keystone: Serves as the identity, authentication, and authorization service.
Core Functionality
- OpenStack does not perform virtualization itself but acts as a “cloud layer” that interfaces with virtualization technologies (like KVM, VMware, Xen, or Hyper-V).
- Users request resources (virtual machines, networks, storage) via dashboards or APIs, with OpenStack orchestrating their provisioning and lifecycle.
- Its open-source nature means organizations can modify, adapt, and deploy it without licensing fees, often leading to reduced operational costs in the long term.
Use Cases and Benefits
- Private and Hybrid Clouds: Enables enterprises to build private clouds or hybrid solutions that extend into public clouds.
- Cost Optimization: Long-term operational costs are generally lower compared to proprietary solutions or public hyperscalers.
- Vendor Independence: Abstracts underlying hardware, supporting multi-vendor environments and avoiding vendor lock-in.
- Security and Customization: Deployed on-premises, OpenStack enables strict data control and custom cloud configuration.
Challenges
- OpenStack has a steep learning curve, and the initial setup may be complex, requiring significant expertise and resources.
- Ongoing maintenance and scaling may require skilled personnel for efficient operation.
Summary Table
OpenStack is best suited for organizations looking for open, customizable cloud solutions that can scale and integrate multi-vendor hardware, with robust control over configuration and security.
OpenStack Components
OpenStack is a modular cloud platform made up of separate services that together provide compute, storage, networking, identity, and management for private or public clouds.
Core services

- Nova: Compute service that provisions and manages virtual machines.
- Neutron: Networking service for virtual networks, IP allocation, and network connectivity.
- Cinder: Block storage service for persistent volumes attached to instances.
- Swift: Object storage for scalable file/object storage.
- Glance: Image service for storing and retrieving VM images.
- Keystone: Identity service for authentication, authorization, and service catalog.
- Horizon: Web dashboard for administering OpenStack.
Common supporting services
- Heat: Orchestration service for templated infrastructure deployment.
- Ceilometer: Telemetry/monitoring service in many OpenStack deployments.
- Trove: Database service for managed database instances.
- Sahara: Big data / Elastic MapReduce-style service.
How they fit together
OpenStack is designed as a set of composable projects rather than one monolithic application, so operators can deploy only the parts they need. The most common mental model is: Nova runs compute, Neutron connects it, Cinder and Swift store data, Glance supplies images, Keystone secures access, and Horizon gives you a GUI.
Simple example
If you launch a VM in OpenStack, Glance provides the image, Nova creates the instance, Neutron gives it network access, Cinder can attach extra disk, and Keystone checks that you are allowed to do it.
OpenStack Architecture Overview
7
What is OpenStack?
OpenStack is an open-source Infrastructure-as-a-Service (IaaS) cloud platform used to build private and hybrid clouds. It manages:
- Compute (virtual machines / bare metal)
- Networking
- Storage
- Identity/authentication
- Images
- Orchestration
- Monitoring
- Multi-tenancy
Think of it as the “Linux of cloud infrastructure” — a distributed control plane that turns pools of servers, disks, and networks into an API-driven cloud platform.
It is heavily used by:
- Telcos
- Financial institutions
- HPC environments
- Enterprises
- Service providers
- Sovereign/private cloud operators
OpenStack High-Level Logical Architecture
+-----------------------------------+
| Horizon |
| (Web Dashboard) |
+----------------+-----------------+
|
v
+---------------------------------------------------------------+
| OpenStack APIs |
| Keystone | Nova | Neutron | Cinder | Glance | Heat | etc. |
+---------------------------------------------------------------+
|
+-------------------+-------------------+
| |
v v
+----------------------+ +-----------------------------+
| Control Plane | | Data Plane |
| API Services | | Compute / Storage / Network |
| Schedulers | | Hypervisors |
| Message Queues | | OVS/Linux Bridge |
| Databases | | Ceph / SAN / Local Disk |
+----------------------+ +-----------------------------+
Core OpenStack Services
1. Nova — Compute Service
Nova manages virtual machine lifecycle operations.
Responsibilities
- Create/delete VMs
- Schedule workloads
- Manage hypervisors
- Allocate compute resources
- Attach storage/networking
Main Components
| Component | Purpose |
|---|---|
| nova-api | Receives API requests |
| nova-scheduler | Chooses compute node |
| nova-conductor | Coordinates DB + compute |
| nova-compute | Runs on hypervisor nodes |
| placement | Tracks resource inventory |
| metadata service | Provides cloud-init metadata |
Hypervisors Supported
- KVM (most common)
- VMware ESXi
- Hyper-V
- Xen
Workflow Example
User launches VM
↓
Nova API receives request
↓
Keystone authenticates
↓
Scheduler selects compute node
↓
Neutron provisions networking
↓
Cinder attaches volume
↓
Glance provides image
↓
nova-compute starts VM via KVM/libvirt
2. Neutron — Networking
5
Neutron provides Software Defined Networking (SDN).
Responsibilities
- Tenant networking
- Virtual routers
- Floating IPs
- Security groups
- DHCP
- Load balancing
- VLAN/VXLAN overlays
Core Components
| Component | Purpose |
|---|---|
| neutron-server | API service |
| ML2 plugin | Network backend abstraction |
| L3 agent | Routing |
| DHCP agent | DHCP services |
| Metadata agent | VM metadata |
| OVS/OVN agents | Virtual switching |
Common Network Backends
| Backend | Notes |
|---|---|
| Open vSwitch (OVS) | Traditional deployment |
| OVN | Modern scalable SDN backend |
| Linux Bridge | Simpler environments |
| SR-IOV | High-performance networking |
Networking Models
| Type | Purpose |
|---|---|
| Provider network | Direct physical network access |
| Tenant network | Isolated VXLAN/VLAN overlays |
| Floating IP | Public IP NAT |
| Security groups | Virtual firewall rules |
3. Cinder — Block Storage
7
Provides persistent block storage volumes for VMs.
Responsibilities
- Create volumes
- Snapshots
- Replication
- Attach/detach disks
- Storage QoS
Common Backends
| Backend | Notes |
|---|---|
| Ceph RBD | Most common |
| NetApp | Enterprise SAN |
| Dell EMC | Enterprise arrays |
| LVM | Local storage |
| Pure Storage | Flash arrays |
Components
| Component | Purpose |
|---|---|
| cinder-api | API endpoint |
| cinder-scheduler | Selects backend |
| cinder-volume | Talks to storage backend |
| cinder-backup | Backup service |
4. Swift — Object Storage
S3-like distributed object storage.
Use Cases
- Backups
- VM images
- Archives
- Media storage
- Large-scale object data
Architecture
Proxy Service
↓
Storage Nodes
├── Account
├── Container
└── Object services
Characteristics
- Highly scalable
- Eventually consistent
- Replicated storage
- Commodity hardware friendly
5. Glance — Image Management
Stores and distributes VM images.
Responsibilities
- Upload images
- Snapshot images
- Image catalog
- Image caching
Supported Formats
- QCOW2
- RAW
- VMDK
- ISO
Common Backends
- Ceph
- Swift
- NFS
- Filesystem
6. Keystone — Identity & Authentication

Central authentication and authorization system.
Responsibilities
- Authentication
- Authorization
- RBAC
- Multi-tenancy
- Service catalog
- Token issuance
Concepts
| Concept | Meaning |
|---|---|
| User | Identity |
| Project/Tenant | Resource boundary |
| Role | Permissions |
| Token | Auth credential |
| Service Catalog | API discovery |
Integrations
- LDAP
- Active Directory
- SAML
- OIDC
7. Horizon — Web UI
Web dashboard for administrators and tenants.
Functions
- Launch VMs
- Manage networks
- Manage volumes
- User/project administration
- Monitor usage
Built on:
- Django
- OpenStack APIs
Additional Important Services
8. Heat — Orchestration
Infrastructure-as-Code engine.
Equivalent concepts:
- AWS CloudFormation
- Terraform orchestration
Uses
- Deploy application stacks
- Autoscaling
- Templates
Uses YAML templates called HOT:
- Heat Orchestration Templates
9. Ironic — Bare Metal
Provision physical servers like cloud instances.
Use Cases
- Kubernetes worker nodes
- HPC
- Telco NFV
- GPU workloads
Integrates with:
- PXE
- Redfish/IPMI
- BIOS management
10. Magnum — Kubernetes Clusters
Provides Kubernetes-as-a-Service.
Can deploy
- Kubernetes
- Docker Swarm
- Mesos (legacy)
Built using:
- Nova
- Neutron
- Heat
- Cinder
11. Octavia — Load Balancing
LBaaS implementation.
Provides:
- HAProxy-based load balancers
- TLS termination
- Health checks
12. Ceilometer + Gnocchi — Monitoring & Telemetry
Used for:
- Metrics
- Billing
- Monitoring
- Autoscaling triggers
Supporting Infrastructure Components
These are critical but often overlooked.
Database Layer
Usually:
- MariaDB/Galera cluster
Stores:
- Instance metadata
- Network state
- Identity data
- Scheduling data
Message Queue
Usually:
- RabbitMQ
Used for:
- Service-to-service communication
- Asynchronous operations
Example:
Nova scheduler → RabbitMQ → nova-compute
Memcached
Used for:
- Keystone token caching
- Session caching
Physical Node Roles
Controller Nodes
Run:
- APIs
- Schedulers
- Databases
- RabbitMQ
- Keystone
- Horizon
Usually HA clustered.
Compute Nodes
Run:
- nova-compute
- KVM/libvirt
- OVS/OVN agents
Actually host VMs.
Storage Nodes
Run:
- Ceph OSDs
- Swift object services
- Storage daemons
Network Nodes
Run:
- Routing
- NAT
- DHCP
- Floating IP services
In modern OVN architectures, dedicated network nodes are less necessary.
How Everything Fits Together
Full VM Provisioning Flow
6
1. User/API requests VM creation
↓
2. Keystone authenticates request
↓
3. Nova scheduler selects compute node
↓
4. Glance provides VM image
↓
5. Neutron creates networking
↓
6. Cinder attaches persistent volume
↓
7. nova-compute launches VM via KVM
↓
8. Metadata service provides cloud-init data
↓
9. VM becomes active
Typical Enterprise Stack
Common Production Architecture
| Layer | Typical Technology |
|---|---|
| Hypervisor | KVM |
| Networking | OVN + OVS |
| Storage | Ceph |
| Container Platform | Kubernetes |
| IaC | Terraform + Ansible |
| Monitoring | Prometheus + Grafana |
| Logging | ELK/OpenSearch |
| Identity | LDAP/AD |
| HA | Pacemaker/Galera |
OpenStack + Kubernetes Relationship
Modern OpenStack is increasingly a Kubernetes infrastructure provider.
Common model:
OpenStack = Infrastructure Layer
Kubernetes = Application Platform Layer
OpenStack Provides
- VMs
- Networking
- Storage
- Bare metal
- Multi-tenancy
Kubernetes Provides
- Container orchestration
- CI/CD deployment targets
- Microservices platform
- Autoscaling apps
Real-World Deployment Patterns
| Industry | Usage |
|---|---|
| Telcos | NFV / 5G |
| Banks | Private cloud |
| Governments | Sovereign cloud |
| HPC | GPU clusters |
| SaaS providers | Multi-tenant IaaS |
| Enterprises | VMware replacement |
Biggest Operational Challenges
| Area | Challenge |
|---|---|
| Networking | SDN complexity |
| Upgrades | Multi-service coordination |
| Scaling | DB/message queue bottlenecks |
| Storage | Ceph operational expertise |
| Troubleshooting | Distributed systems debugging |
| HA | Cluster coordination |
Why OpenStack Remains Important
Despite public cloud dominance, OpenStack is still heavily used because it provides:
- Full infrastructure control
- Data sovereignty
- No hyperscaler lock-in
- API-driven private cloud
- Massive scale capability
- Integration with Kubernetes and bare metal
It effectively brings AWS-like infrastructure patterns into private data centers.