Platform Architecture

Shadow’s OpenStack deployment exposes a set of core services that enable compute, networking, storage, orchestration, identity, and automation capabilities.
This document provides a high-level overview of these services and how they fit together within the platform.

Identity & Access Management link

Keystone link

Central authentication and authorization system.
All other services depend on Keystone for token validation and project-scoped access control.

Compute link

Nova link

Manages virtual machine lifecycle, scheduling, and compute node orchestration.

Nova Metadata link

Delivers cloud-init metadata and instance configuration to VMs.

Networking link

Neutron link

Provides virtual networking, routers, floating IPs, security groups, and network isolation.

Octavia link

Load Balancing as a Service (LBaaS), enabling users to deploy and manage load balancers.

Designate link

DNS service for managing DNS zones and records.

Storage link

Cinder link

Block storage management (volumes, snapshots, backups).

Glance link

Image service for storing and provisioning VM images.

Resource Tracking link

Placement link

Tracks compute, network, and storage resources and provides scheduling data to other services.

Security & Secrets link

Barbican link

Secure storage for secrets, certificates, and encryption keys.

Billing & Usage link

CloudKitty link

Usage rating and billing engine for resource consumption tracking.

User Interface link

Skyline link

The graphical web dashboard for interacting with OpenStack services.

High Level Overview link

flowchart TB
    subgraph Identity
        Keystone[Keystone - Authorization/Authentication]
    end

    subgraph Compute
        compute_anchor(( )):::anchor
        Nova[Nova - Virtual Machines]
    end

    subgraph Networking
        networking_anchor(( )):::anchor
        Neutron[Neutron - Networks, Routers, IPs]
        Octavia[Octavia - Load Balancers]
        Designate[Designate - DNS Zones/Records]
    end

    subgraph Storage
        storage_anchor(( )):::anchor
        Cinder[Cinder - Block Storage]
        Glance[Glance - Images]
    end

    subgraph Other
        other_anchor(( )):::anchor
        Barbican[Barbican - Secrets]
        CloudKitty[CloudKitty - Usage/Rating]
        Ceilometer[Ceilometer - Telemetry/Monitoring]
    end

    subgraph UI
        ui_anchor(( )):::anchor
        Skyline[Skyline - Web Dashboard]
    end

    Keystone --> compute_anchor
    Keystone --> networking_anchor
    Keystone --> storage_anchor
    Keystone --> other_anchor
    Keystone --> ui_anchor

    classDef anchor fill:transparent,stroke:transparent;

    class Keystone identity;
    class Nova compute;
    class Neutron,Octavia,Designate networking;
    class Cinder,Glance storage;
    class Barbican,CloudKitty,Ceilometer other;
    class Skyline ui;

    classDef identity fill:#dbeafe,stroke:#90cdf4,color:#1e3a8a
    classDef compute fill:#ede9fe,stroke:#c4b5fd,color:#4c1d95
    classDef networking fill:#d1fae5,stroke:#6ee7b7,color:#065f46
    classDef storage fill:#fef3c7,stroke:#fcd34d,color:#92400e
    classDef other fill:#f3f4f6,stroke:#d1d5db,color:#374151
    classDef ui fill:#e0f2fe,stroke:#7dd3fc,color:#075985