OpenStack Architecture

Welcome back to the second post of our series on OpenStack where we dive into one of the most versatile and dynamic cloud computing platforms available today. If you missed our previous post, don’t worry; you can catch up on the history of how OpenStack was born and its significance in cloud computing here.

OpenStack offers a microservice and scalable framework for building private, public, and hybrid clouds with lots of innovation and flexibility. At the heart of OpenStack lie several of its core components, each playing a pivotal role in orchestrating and managing cloud infrastructure resources.

In this article, you will learn about OpenStack’s Architecture and its core service – Nova, Neutron, Cinder, Keystone, Glance, Swift. As well as we’ll explore additional components such as Horizon, Barbican, and Heat.

Let’s take a closer look at these and explore how they collaborate to power the OpenStack cloud ecosystem.

Nova (Compute)

Nova serves as the compute engine of OpenStack, responsible for provisioning and managing virtual machines (VMs). It manages compute capacity by creating, scheduling, migrating and deleting resources. It enables the automation of resources that are responsible for the virtualization of services and high-performance computing. Nova supports multiple hypervisors (KVM, Xen, ESXi, Hyper-V) with most clouds relying on KVM.

Leveraging Nova, users can launch, terminate, and resize compute instances on-demand, while administrators gain granular control over compute resources, ensuring optimal performance and resource utilization with VM dynamic scheduling and live-migration capabilities.

Neutron (Networking)

Neutron serves as the networking component of OpenStack, enabling creation and management of virtual networks, routers, and security groups. It is an API driven service that manages everything related to software defined networks, ports and Floating IP addresses allowing strong isolation between the tenants and projects inside of OpenStack cloud. It implements Virtual Routing and Forwarding (VRF), Distributed routing, supports Static & Dynamic routing, L2 Gateway and separate routing tables.

By abstracting network resources and providing APIs for network configuration, Neutron empowers users to build complex network topologies and establish secure connectivity between cloud instances and external networks. 

Cinder (Block Storage)

Cinder offers block storage services for OpenStack, delivering persistent storage volumes for VMs and containers. Storage that is made accessible using a self-service API attaching/detaching volumes works “hot-plug”, meaning that you don’t need to stop a running VM in order to perform any operations including snapshots.

With Cinder, users can create, attach, detach, snapshot and backup block storage volumes independently of compute instances, providing scalable and reliable storage solutions for diverse workloads. Users are able to define and manage the amount of cloud storage required for their VMs.

Cinder supports more than 30 storage backends including Ceph, Dell Power Storage, Huawei, IBM Spectrum, LinBIT, NetApp ONTAP, Pure Storage, StorPool and more, meaning you can easily integrate any of existing storage into OpenStack cloud without the need to invest into new hardware or a software-defined storage solution.

Keystone (Identity)

Keystone acts as the identity service of OpenStack, providing authentication, authorization, and federation services for users, services, and resources. It is responsible for all types of authentications and authorizations in OpenStack and supports LDAP, 2-Factor authentication, Keycloak integration, JWS/JWT and Fernet tokens.

By centralizing identity management, Keystone enables secure access control and single sign-on across all OpenStack services, ensuring robust security and compliance of your cloud. A flexible policy engine is an essential part of each OpenStack service allowing a high degree of customization and implementation of RBAC (Role Based Access Control) policies according to your organization structure or security and audit requirements.

Glance (Image Service)

Glance serves as the image service of OpenStack, facilitating the discovery, registration, and retrieval of virtual machine images through the network. These images are kept in a wide range of supported back-end systems with object storage such as Swift or S3 being the most popular one.

By maintaining a catalog of pre-configured images, Glance streamlines the deployment process and allows launching instances from standardized images with ease. It allows users and admins to import and export images in different formats (Raw, VHD, VMDK, QCOW2, AMI) supporting all kinds of hypervisors.

Last, but not least – Glance supports image signing and does validation of signatures to ensure security of your cloud and prevent possible supply chain attacks.

Horizon (Dashboard)

Horizon provides a web-based dashboard interface for OpenStack, offering administrators and users a unified place for managing and monitoring all cloud resources. With Horizon, users can visualize and control their OpenStack Projects by creating and managing VMs, Volumes, Networks and more.

Horizon is based on the popular Django web framework and it allows customization such as change of theme and use of own colors and logos to personalize Cloud experience for your organization.

Barbican (Key Management)

Barbican is OpenStack’s key management service, designed to manage and store security secrets such as encryption keys, certificates, and passwords. By providing a centralized, secure repository for managing sensitive information, Barbican enhances the security posture of OpenStack deployments, ensuring that cryptographic keys and other secrets are handled with the highest levels of security.

Heat (Orchestration)

Heat is OpenStack’s orchestration service, allowing users to define and manage infrastructure as code (IaC) through templates. By automating the deployment and scaling cloud resources, Heat streamlines the process of provisioning complex applications and services on OpenStack, enhancing agility and efficiency. Using IaC is considered industry best practice and promotes team collaboration, makes deployments faster and reduces human errors.

OpenStack Heat supports CloudFormation templates well-known to AWS users and thus making migration from AWS to OpenStack easier.

Swift (Object Storage)

Swift is an object storage service that provides a horizontally scalable and durable object storage solution. It has high fault tolerance capabilities for storing and retrieving large volumes of unstructured data with the help of Restful API similar to Simple Storage Service (AWS S3) API that is the de-facto industry standard today.

Swift enables users to store data as objects in containers, facilitating seamless access and replication across distributed storage clusters. Being a distributed storage, it is also used to provide redundant storage within servers that are clustered together. It is perfectly capable of managing petabytes of data.

While Swift was one of the first OpenStack components and is production-ready, many companies prefer to use native S3 API for Object Storage provided by Ceph – an open source software defined storage solution often used together with OpenStack. It is also possible to enable AWS S3-compatibility middleware for Swift, however it may affect the performance of Object Storage.


The architecture of OpenStack has a versatile array of features that make it a great option for building a Cloud IaaS. Its microservice design allows for tailored deployments, individual component scaling, and resource optimization, catering to diverse needs and workloads. With its emphasis on scalability, interoperability, automation, and security, OpenStack is perhaps the most powerful open source framework today for organizations seeking to harness the benefits of cloud computing.

If you’re considering implementing OpenStack or need assistance with optimizing your OpenStack cloud, don’t hesitate to reach out to us. Our team of experts has designed and delivered many OpenStack installations and has contributed 60+ changes upstream. We are ready to help you navigate the complexities of deploying and managing OpenStack.

Contact us today to learn more and embark on your journey towards a more efficient and agile cloud infrastructure.