Cloud Services

Features

Through our Open Cloud, we provide our customers with an IaaS service based on the open source software OpenStack. The functions of the EveryWare Open Cloud are very extensive and are divided into compute, storage and network.

They also range from creating a single server to configuring comprehensive multi-tier network architectures. The EveryWare Open Cloud offers various advanced services, such as Kubernetes, load balancing, block-level backup, site-2-site VPN (IPsec) and object storage.

Self-service portal

Our public cloud platform offers a variety of infrastructure services that can be configured and managed via a user-friendly self-service portal. Whether you prefer to use a graphical user interface or an API interface, our platform offers flexible and intuitive options to meet your needs. From pre-configured templates to customized virtual machines and complete development environments, our cloud services are designed to give you the computing power and agility you need to succeed in today's fast-paced digital world.

The comprehensive help page in German and English contains useful tips and information as well as a quick start guide. This will help you get started with the OpenStack Management Portal Horizon. You will learn step by step how to create a network, connect your first virtual server (instance) and access it.

The self-service portal allows you to centrally manage all your cloud resources, such as virtual servers, storage volumes or projects. Projects logically separate resources such as virtual networks, servers or storage volumes, both for access and for subsequent billing, which is based on hourly rates and calculated to the second.

The Cloud Services Portal includes a quota and usage dashboard as well as a comprehensive S3 Management Dashboard with many functions, with which you can easily manage the S3 storage, objects and authorizations via a graphical interface.

For flexible billing, there are various pricing models such as on-demand and pre-committed models, which can be selected or combined as required.

Compute

Open Cloud Compute provides flexible and cost-efficient cloud computing power via OpenStack Nova. Creating, booting and scaling instances (VMs) only takes a few seconds and you only pay for the resources you actually use.

A cloud server instance consists of one or more virtual processors (vCPU), memory, an OS image (operating system, public or private image) and instance block storage (IBS) or volume block storage (Volume Service VBS). The customer can choose from preconfigured types, known as flavors. These flavors combine firmly defined sizes and limits in terms of network bandwidth, storage throughput or IOPS, number and type of vCPUs, memory size and instance block storage. These performance classes cover a variety of typical areas of use, from enterprise database applications to web applications, development projects and virtual data centers. The hypervisor stack used is libvirt, QEMU and KVM, one of the most secure and fastest virtualization stacks.

Compute GPU

The EveryWare Open Cloud GPU instances are equipped with the latest NVIDIA L4 Tensor Core GPU and are specifically designed for demanding AI, ML and graphics workloads. With an impressive combination of performance, flexibility and scalability, they offer a powerful solution for your most demanding applications.

Image Management Service

The Image Management Service allows EveryWare to manage preconfigured operating system images (public images) as well as customers' own images. When creating a cloud server, an image must be assigned by the customer. Frequently used images should be stored in RAW format to avoid conversion when starting a cloud server and to speed up the boot process considerably.

Public images

The Open Cloud provides the following operating system images optimized for the cloud. These are automatically expanded at periodic intervals and made available in an up-to-date version.

| Type | Type Name | License version | License costs/month in CHF |
|---|---|---|---|
| Linux | AlmaLinux | 9 | 0.- |
| Linux | AlmaLinux LVM | 9 | 0.- |
| Linux | CentOS Stream | 8/9 | 0.- |
| Linux | CentOS Stream LVM | 8/9 | 0.- |
| Linux | Ubuntu | 20.04/22.04/24.04 | 0.- |
| Ubuntu Linux | Ubuntu LVM | 20.04/22.04/24.04 | 0.- |
| Ubuntu Linux | Ubuntu DevTools | 20.04/22.04/24.04 | 0.- |
| Linux | Ubuntu GPU | 22.04/24.04 | 0.- |
| Linux | Fedora AtomicHost | 29 | 0.- |
| Linux | CirrOS | 0.5.2/0.6.1 | 0.- |
| Windows | Windows Server Standard | 2019/2022 | 27.- (1) |
| Windows | Windows Server Standard Core | 2019/2022 | 27.- (1) |
| MS SQL | Microsoft SQL Server | Web Edition | 27.70 (2) |
| MS SQL | Microsoft SQL Server | Standard Edition | 442.40 (3) |
| MS SQL | Microsoft SQL Server | Enterprise Edition | 1'665.60 (4) |
| Linux | Red Hat Enterprise Linux 7 | 7 | see Red Hat |
| Linux | Fedora AtomicHost | 29 | 0.- |

(1) Price for minimum licensing Windows Server (8 Core). Further Windows Server Core license packages: "Windows Server 2 Core License" (CHF 6.75/month)

(2) Price for minimum licensing MS SQL Server Web Edition (4 Core). Further MS SQL Server Core license packages: "MS SQL Server Web Edition 2 Core Licenses" (CHF 13.85/month)

(3) Price for minimum licensing MS SQL Server Standard Edition (4 Core). Further MS SQL Server Core license packages: "MS SQL Server Standard Edition 2 Core Licenses" (CHF 221.20/month)

(4) Price for minimum licensing MS SQL Server Enterprise Edition (4 Core). Further MS SQL Server Core license packages: "MS SQL Server Enterprise Edition 2 Core Licenses" (CHF 832.80/month)

The licenses are charged on an hourly basis and are prorated. The above prices are calculated on the basis of a month with 31 days (744 hours).

Private images

The customer has the option of uploading their own private images to the Image Management Service or creating them on the basis of a cloud server. Images that are not stored/uploaded in RAW format must be converted in the background when a cloud server is started. To avoid this time-consuming process, images should always be in RAW format. For private images, the customer takes responsibility for the license-compliant usage and technical functionality of the operating system or application.

Storage

The virtual storage volume, known as storage, is provided on a scalable, redundant and high-performance NVMe SSD enterprise storage cluster based on Ceph.

Block Storage (VBS)

The SSD block storage types are divided into the two volume categories "General Purpose" and "Provisioned" and differ in the number of IOPS provided per volume. Once created, a volume is billed regardless of whether a compute resource accesses it or not.

Provisioned

The maximum number of IOPS for provisioned block storage is independent of the volume size, but a minimum volume size of 100 GB is required for fair use.

| Name | SSD block storage type | Ratio IOPS per volume | Throughput MB/s | Volume Cost per GB/h (CHF) | Volume Cost per GB/month (CHF base 744h) |
|---|---|---|---|---|---|
| v-ssd-bsc | Provisioned IOPS "Basic" | up to 500 | 50 | 0.00014382 | 0.107 |
| v-ssd-std | Provisioned IOPS "Standard" | up to 1'000 | 120 | 0.00025887 | 0.193 |
| v-ssd-medium | Provisioned IOPS "Performance" | up to 2'000 | 180 | 0.00035954 | 0.268 |
| v-ssd-high | Provisioned IOPS "High-Performance" | up to 3'500 | 215 | 0.00050336 | 0.375 |
| v-ssd-ultra | Provisioned IOPS "Ultra-High-Performance" | up to 5'000 | 250 | 0.00071909 | 0.535 |

General Purpose

With general purpose block storage, the maximum available disk IOPS increase dynamically with the size of the volume. Two progression levels with different IOPS ratios are currently offered.

Calculation example 1: Moderate increase in IOPS per GB volume: 400GB * 5 IOPS = 2,000 IOPS
Calculation example 2: Significant increase in IOPS per GB volume: 400GB * 25 IOPS = 10,000 IOPS

| Name | SSD block storage type | Ratio IOPS per GB | Throughput KiB/s per GB | Volume Cost per GB/h (CHF) | Volume Cost per GB/month (CHF base 744h) |
|---|---|---|---|---|---|
| v-ssd-dynb | Dynamic IOPS "Basic" | 5 (up to max. 10,000 IOPS per volume) | 800 (75 to max. 250MB/s) | 0.00017977 | 0.134 |
| v-ssd-dynx | Dynamic IOPS "Excellent" | 25 (up to max. 20,000 IOPS per volume) | 1,024 (100 to max. 500MB/s) | 0.00035954 | 0.268 |


Note

Up to 24 block storage volumes can be assigned to each OpenStack Cloud Server, whereby the volume block storages can be of different types. The maximum size of a single volume is currently limited to 20TB.

Object Storage Service

The Object Storage Service is an object-based data storage service. It can be accessed over the Internet via HTTPS and the widely used APIs S3 and Swift. Object Storage offers the option of creating, retrieving and deleting S3 buckets or Swift containers and storage objects. It is possible to control access at the bucket level. Object Storage offers extremely high scalability and at the same time simple but powerful administration. All data sources can be easily connected to Object Storage and large volumes of data can be stored automatically, regardless of whether storage is required for application data, backup, disaster recovery or another business application.

Volume Backup Service

The Volume Backup Service or Cinder Backup offers the option of a complete or incremental backup to restore volumes using the Object Storage Service. A backup is a "point-in-time copy" of a volume and is stored in the secondary data center on a highly redundant object storage cluster. The backup can be automated and controlled via the Workflow Service or controlled directly via the Volume Service API.

Volume Snapshot Service

The Volume Snapshot Service or Cinder Snapshot offers the option of creating a "point in time copy" of a cloud server instance or a volume. A snapshot of a cloud server instance is transferred to the image service and is used to start a new server based on this snapshot. The snapshot is stored as a private image in the Compute/Images area and billed as an Image Service on an hourly basis. A snapshot of a volume appears on the block storage solution in the OpenStack Management Portal under Volume/Snapshot. A volume snapshot can be converted into a volume (also a bootable volume).

Network (Neutron)

Cloud network functions are essential for every virtual server. The central network functions are mapped with the OpenStack "Neutron" service. EveryWare offers a wide range of network functions in the Open Cloud. These enable simple, scalable and secure connection of the compute instances. Any number of private networks, security groups, routers, S2S VPN and load balancing can be operated directly and conveniently in the OpenStack management portal.

Router

The compute instances are connected using a virtual router. The virtual router forwards the data packets between networks. It can connect several private networks with each other or with the public network (and therefore the Internet). The network services therefore have public and private IP addresses. Each router is mapped in a highly redundant manner and ensures uninterrupted and high-performance access.

Site-2-Site VPN (IPsec)

The VPN service is connected to a router and refers to an endpoint group or a single subnet in order to reach a remote site. After activating this service, you can set up several VPN connections; billing is per VPN connection and is charged per hour. A router is required for this service.

Floating IPs

A floating IP is a public IP address that can be assigned to a load balancer or cloud server, for example. A floating IP can only be assigned to the cloud server if the network is connected to the public network (and therefore the internet) via a router. A cloud server with an assigned floating IP can be accessed directly from the Internet via this IP. It is essential to pay attention to the configuration of the security groups. Floating IPs are also required for port forwarding.

Load Balancer Service (Octavia)

Highly available Load Balancing as a Service (LBaaS) offers load balancing on the basis of virtual IPs. The OpenStack Octavia Service can also create TLS-terminated HTTPS load balancers in conjunction with the OpenStack Barbican Service (Key Management System). Classic features such as health monitoring, "sticky sessions", non-terminated HTTPS, HTTP and TCP load balancing, but also advanced functions such as UDP, SNI, client authentication or backend re-encryption, can be implemented with the Octavia Service.

Octavia concepts

Load balancer

The load balancer occupies a Neutron network port and has an IP address that is assigned to a subnet.

Listener

Load balancers can wait for requests on several ports. Each of these ports is specified by a listener.

Pool

A pool contains a list of members that provide content via the load balancer.

Member

Members are servers that serve the data traffic behind a load balancer. Each member is specified by the IP address and the port it uses for data traffic.

Health monitor

Members can go offline from time to time, and health monitors divert traffic away from members that are not responding properly. Health monitors are connected to pools.

Port forwarding

With the function developed by EveryWare, any number of port or port-range forwardings can be configured in the OpenStack Management Portal. A connection that is received via a specific external port (e.g. 2222) of the virtual router is forwarded to a cloud server instance or virtual machine (VM) via another internal port (e.g. 22).

Security Groups

Security groups replace conventional firewalls in modern cloud platforms. While a firewall only seals off entire networks, security groups can be used to secure individual network ports of the instance within a layer 2 network, even against access from the same layer 2 network. This eliminates the need to divide networks into several tiers due to security concerns. Within an OpenStack project, access to instances is defined via security groups.

Security rules

Each security group contains one or more security rules. The rules specify at a granular level, by protocol, group (security group) and CIDR, who should have access to whom.
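An added example, not EveryWare's or OpenStack's own code: a small audit that flags ingress rules reachable from any source on administrative ports, which is the case that matters once an instance has a floating IP. The dictionaries use the field names of Neutron security group rules; the sample rules, the `rule` helper and the `SENSITIVE_PORTS` list are constructed assumptions.

```python
import ipaddress

# Assumption: TCP ports this audit treats as administrative or internal-only.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}


def rule(rule_id, protocol, lo, hi, prefix=None, group=None, direction="ingress"):
    """Hypothetical helper: build a dict with Neutron security group rule fields."""
    return {"id": rule_id, "direction": direction, "protocol": protocol,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}


# Constructed sample rules (illustrative values, not from a real project).
SAMPLE_RULES = [
    rule("r1", "tcp", 22, 22, prefix="0.0.0.0/0"),       # SSH from anywhere
    rule("r2", "tcp", 443, 443, prefix="0.0.0.0/0"),     # public HTTPS, expected
    rule("r3", "tcp", 5432, 5432, group="sg-app"),       # DB only from app group
    rule("r4", None, None, None),                        # any protocol, any source
    rule("r5", "tcp", 1, 65535, prefix="10.0.0.0/8"),    # wide, but private CIDR
    rule("r6", "tcp", 3389, 3389, prefix="::/0"),        # RDP from any IPv6 source
    rule("r7", None, None, None, direction="egress"),    # outbound, out of scope
]


def is_world_open(r):
    """True when the rule's source is unrestricted."""
    if r["remote_group_id"]:
        return False                 # limited to members of another group
    if r["remote_ip_prefix"] is None:
        return True                  # no CIDR and no group means any source
    net = ipaddress.ip_network(r["remote_ip_prefix"], strict=False)
    return net.prefixlen == 0        # 0.0.0.0/0 or ::/0


def exposed_sensitive_ports(r):
    """Sensitive TCP ports that fall inside the rule's protocol and port range."""
    proto = r["protocol"]
    if proto is not None and str(proto).lower() not in ("tcp", "6"):
        return []                    # UDP, ICMP etc. do not expose these ports
    lo, hi = r["port_range_min"], r["port_range_max"]
    if lo is None:
        return sorted(SENSITIVE_PORTS)   # no range given: all ports
    hi = lo if hi is None else hi
    return sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)


def audit_rules(rules):
    """Return (rule id, exposed ports) for world-open ingress rules."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or not is_world_open(r):
            continue
        ports = exposed_sensitive_ports(r)
        if ports:
            findings.append((r["id"], ports))
    return findings


if __name__ == "__main__":
    for rule_id, ports in audit_rules(SAMPLE_RULES):
        names = ", ".join(f"{p}/{SENSITIVE_PORTS[p]}" for p in ports)
        print(f"{rule_id}: open to any source on {names}")
```

Rules that name a remote security group (r3) or a private CIDR (r5) pass, which is the pattern the paragraph above describes for restricting access inside a shared layer 2 network.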

Private networks and sub-networks

Different private networks can be created within a project. The IP address ranges of the associated sub-networks can be freely selected within the framework of RFC 1918.

Cloud Management and Governance

A powerful and capable cloud computing platform requires strong governance tools on the one hand and a robust management system on the other. In addition to the OpenStack management portal Horizon, EveryWare offers a Cloud Services Portal with extensive functions. This ensures that the cloud infrastructure can be set up and maintained quickly, flexibly and reliably.

OpenStack Management Portal

In the OpenStack Management Portal Horizon, you can manage all your cloud resources from a central location. Cloud resources here means virtual servers, storage volumes and networks. The functions are very extensive and range from deploying a server to configuring a virtual data center with extensive multi-tier network architectures.

Cloud Services Portal

With the EveryWare Cloud Services Portal, operation is very simple. In the Cloud Services Portal, you can manage your cloud services such as customers (clients), OpenStack projects (accounts) and user management (IAM) from a central location. Other services include an integrated S3 Management Panel, which can be used to manage S3 buckets. The range of functions and authorizations are based on profiles. Individual dashboard management profiles with individual authorizations can be created and assigned to a user. In principle, a user only ever sees the services for which they are authorized.

Profiles

Enterprise Partner

Manages authorized cloud services, clients and users.

Client

Manages authorized cloud services and users.

User

A user has one of the above profiles with the corresponding authorizations.

Orchestration and Automation

OpenStack supports the control and automation of your cloud resources with a range of tools. These include the OpenStack API, with which you can execute and thus automate all functions of the OpenStack Management Portal at command level. Other supported automation tools are Heat and Mistral.

OpenStack API

Use the native OpenStack API to control and automate all your resources. OpenStack Client (also known as OSC) is a command-line client for OpenStack that consolidates access to all OpenStack APIs into a single shell with a unified command structure.

Orchestration service (Heat)

This service is based on OpenStack Heat and implements an orchestration engine to launch multiple composite cloud applications based on templates in the form of text files. Use resources efficiently and don't spend time building and tearing down complex environments.

Workflow Service (Mistral)

The Workflow Service enables the creation of complex processes that can run on an event or time-controlled basis. For example, this service enables the creation of automated cinder volume backups.

Cloud Container Orchestration Engine

Kubernetes clusters can be deployed with the help of OpenStack Magnum, either via the OpenStack Management Portal or via the OpenStackClient. To simplify this, we provide you with Kubernetes templates for various scenarios:

  • Single master cluster with floating IPs on master and worker nodes

  • Single master cluster without floating IPs

  • Multi master cluster with LB in front of master nodes

Of course, you can also create your own templates. Further information and help can be found in the OpenStack HELP pages. You will only be charged for the resources required for creation, such as instances, load balancers, floating IPs, storage and network traffic.


Public Cloud Security

Your data is in safe hands with us. For EveryWare, rock-solid physical and logical security is a matter of course. We are constantly optimizing our measures with regard to redundancy, backup systems and secure access to the data centers we manage and certify. As number 1 in the data center category and number 2 in the cloud services category, we guarantee the security and integrity of your data.

Identity and access management

Identity and access management (IAM) is handled by a federated authentication system with the Keystone and Keycloak components. This increases security and convenience for the cloud account.

Options for users

  • Choose a single login/authentication mechanism (FreeOTP or Google Authenticator) and use it for multiple cloud services

  • Standardized logon/authentication protocol (SAML and OpenID Connect)

  • User-friendly access to cloud services (sign on/off) for multiple services

  • 2-factor authentication (2FA)

  • Application of a password policy for user accounts

  • Logging of account activities

Application Credentials

Users can create application credentials to authenticate applications such as Terraform to the OpenStack Keystone service.

Users can delegate a subset of their user's role assignments within a project to an application credential and grant the application the same or limited authorization for that project. With application credentials, applications authenticate themselves with the application credential ID and a secret string that is not the user's password. In this way, the user's password does not have to be entered in the application configuration.

Application credentials can be given an expiration date or deleted at any time and independently of the user account.
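An added example, not EveryWare's or OpenStack's own code: a review of a project's application credentials that flags entries without an expiration date, entries that have already expired, and entries that carry more than a limited set of roles. The dictionaries use fields of Keystone application credentials (`expires_at`, `unrestricted`, `roles`); the sample data, `MAX_LIFETIME` and `ALLOWED_ROLES` are constructed assumptions standing in for a local policy.

```python
from datetime import datetime, timedelta, timezone

# Assumptions standing in for a local policy.
MAX_LIFETIME = timedelta(days=365)
ALLOWED_ROLES = {"member", "reader"}

# Constructed sample in the shape of Keystone application credential entries.
SAMPLE_CREDS = [
    {"id": "ac-1", "name": "terraform-ci", "unrestricted": False,
     "expires_at": "2025-06-01T00:00:00.000000",
     "roles": [{"name": "member"}]},
    {"id": "ac-2", "name": "legacy-script", "unrestricted": False,
     "expires_at": None,
     "roles": [{"name": "member"}]},
    {"id": "ac-3", "name": "bootstrap", "unrestricted": True,
     "expires_at": "2024-06-30T12:00:00.000000",
     "roles": [{"name": "admin"}, {"name": "member"}]},
]


def parse_expiry(value):
    """Parse an ISO 8601 expires_at value; naive timestamps are taken as UTC."""
    if value is None:
        return None
    parsed = datetime.fromisoformat(value.rstrip("Z"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def review(cred, now):
    """Return the list of policy issues for one application credential."""
    issues = []
    expiry = parse_expiry(cred.get("expires_at"))
    if expiry is None:
        issues.append("no expiration date")
    elif expiry <= now:
        issues.append("already expired")
    elif expiry - now > MAX_LIFETIME:
        issues.append("remaining lifetime exceeds policy")
    if cred.get("unrestricted"):
        # An unrestricted credential may itself manage application credentials.
        issues.append("unrestricted flag set")
    extra = sorted({r["name"] for r in cred.get("roles", [])} - ALLOWED_ROLES)
    if extra:
        issues.append("roles beyond policy: " + ", ".join(extra))
    return issues


def audit_credentials(creds, now=None):
    """Map credential name to its issues, omitting credentials with none."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for cred in creds:
        issues = review(cred, now)
        if issues:
            report[cred["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit_credentials(SAMPLE_CREDS).items():
        print(f"{name}: {'; '.join(issues)}")
```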

Key Management Service (Barbican)

The Key Management Service (KMS) with Barbican enables the encryption and decryption of the Object Storage Service (S3 SSE-KMS) and the customer's Volume Service. It is also used to create, manage and delete keys and secrets. Alternatively, the customer can use their own keys (Bring Your Own Key). SSL keys can be transferred to the load balancing service via the Key Management Service to enable HTTPS termination.

Compliance

Swiss IT service provider

With 3,000 business customers, EveryWare is the leading Swiss IT service provider with its own data center, network and cloud platforms in the greater Zurich area.

Engineering know-how

Specialized engineering know-how and 20 years of expertise in designing, building and operating business-critical platforms are combined with state-of-the-art cloud technologies.

Practical IT innovations

100 employees, around 90 % of whom are specialized engineers, make global IT innovations practicable for Swiss companies.

Cloud Service

EveryWare's core services are cloud services in the self-service model and managed IT services through to complete IT outsourcing.

Quality standards in terms of safety

Internationally recognized quality standards meet the highest demands in terms of performance, availability and security: EveryWare applies the FINMA requirements for bank outsourcing (RS 2018/3) and is certified in accordance with ISAE 3000 Type 2 and ISO 27001.

Successful transformation projects

Over 200 successful transformation projects for companies, including banks and insurance companies, and 30 business partners are proof of EveryWare's expertise.