Cloud Services

Features

Through our Open Cloud, we provide our customers with an IaaS service based on the open source software OpenStack. The functions of the EveryWare Open Cloud are very extensive and are divided into compute, storage and network.

They range from creating a single server to configuring comprehensive multi-tier network architectures. The EveryWare Open Cloud offers various advanced services, such as Kubernetes, load balancing, block-level backup, site-2-site VPN (IPsec) and object storage.

Cloud Services Portal

Our public cloud platform offers a variety of infrastructure services that can be configured and managed via a user-friendly Cloud Services Portal. Whether you prefer to use a graphical user interface or an API interface, our platform offers flexible and intuitive options to meet your needs. From pre-configured templates to customized virtual machines and complete development environments, our cloud services are designed to give you the computing power and agility you need to succeed in today's fast-paced digital world.

The comprehensive help page in German and English contains useful tips and information as well as a quick start guide. This will help you get started with the OpenStack Management Portal Horizon. You will learn step by step how to create a network, connect your first virtual server (instance) and access it.

The Cloud Services Portal allows you to centrally manage all your cloud resources, such as virtual servers, storage volumes or projects. Projects logically separate resources such as virtual networks, servers or storage volumes, both for access and for subsequent billing, which is calculated on an hourly basis, accurate to the second.

The Cloud Services Portal includes a quota and usage dashboard as well as a comprehensive S3 Management Dashboard with many functions, with which you can easily manage the S3 storage, objects and authorizations via a graphical interface.

For flexible billing, there are various pricing models such as on-demand and pre-committed models, which can be selected or combined as required.

Managed Kubernetes Service

With the EveryWare Cloud Orchestrator solution, you can orchestrate Kubernetes clusters quickly and effortlessly in the Cloud Services Portal. Our platform allows you to create and manage your custom Kubernetes clusters in minutes, enabling you to run your workloads efficiently in the open cloud. Thanks to the flexibility of multi-availability zone options, you can use up to three availability zones (AZ) within a region in Switzerland to deploy highly available applications. Our high-availability infrastructure is based in Switzerland and complies with GDPR guidelines to ensure maximum data security.

    Features

    • Self-service: You can easily manage Kubernetes clusters yourself via our user-friendly Cloud Services Portal.
    • Multi-Availability Zones in Switzerland: Use up to three availability zones for high availability of your applications.
    • Autoscaling: Optimize your resources and costs by automatically scaling your clusters.
    • Security by Design: Our infrastructure is GDPR-compliant and offers the highest security standards.
    • Hibernation: Reduce costs through planned downtimes of your clusters when they are not in active use.
    • Cost-efficient: Only the resources actually used are billed; the master nodes are cost-neutral.

    Use Cases

    • Microservices: Ideal for the development and management of microservice architectures.
    • Application migration: Supports the smooth migration of existing applications to the cloud.
    • Continuous Integration and Continuous Delivery/Deployment (CI/CD): Perfect for CI/CD pipelines that enable continuous delivery.
    • Hybrid Cloud: Seamlessly extend your local infrastructure with cloud resources.
    • SaaS: Develop and operate Software-as-a-Service applications efficiently and scalably.

    Compute

    Open Cloud Compute provides flexible and cost-efficient cloud computing power via OpenStack Nova. Creating, booting and scaling instances (VMs) only takes a few seconds and you only pay for the resources you actually use.

    A cloud server instance consists of one or more virtual processors (vCPU), memory, an OS image (operating system, public or private image) and instance block storage (IBS) or volume block storage (Volume Service, VBS). The customer can choose from preconfigured types, known as flavors. These flavors combine fixed sizes and limits for network bandwidth, storage throughput or IOPS, number and type of vCPUs, memory size and instance block storage. These performance classes cover a variety of typical areas of use, from enterprise database applications to web applications, development projects and virtual data centers. The hypervisor stack used is Libvirt, QEMU and KVM, one of the most secure and fastest virtualization stacks.

    Compute GPU

    The EveryWare Open Cloud GPU instances are equipped with the latest NVIDIA L4 Tensor Core GPU and are specifically designed for demanding AI, ML and graphics workloads. With an impressive combination of performance, flexibility and scalability, they offer a powerful solution for your most demanding applications.

    Image Management Service

    The Image Management Service allows EveryWare to manage preconfigured operating system images (public images) as well as customers' own images. When creating a cloud server, an image must be assigned by the customer. Frequently used images should be stored in RAW format to avoid conversion when starting a cloud server and to speed up the boot process considerably.

    Public images

    The Open Cloud provides the following operating system images optimized for the cloud. These are automatically expanded at periodic intervals and made available in an up-to-date version.

    | Type | Type Name | License version | License costs/month in CHF |
    |---|---|---|---|
    | Linux | AlmaLinux | 9 | 0.- |
    | Linux | AlmaLinux LVM | 9 | 0.- |
    | Linux | CentOS Stream | 8/9 | 0.- |
    | Linux | CentOS Stream LVM | 8/9 | 0.- |
    | Linux | Ubuntu | 20.04/22.04/24.04 | 0.- |
    | Ubuntu Linux | Ubuntu LVM | 20.04/22.04/24.04 | 0.- |
    | Ubuntu Linux | Ubuntu DevTools | 20.04/22.04/24.04 | 0.- |
    | Linux | Ubuntu GPU | 22.04/24.04 | 0.- |
    | Linux | Fedora AtomicHost | 29 | 0.- |
    | Linux | CirrOS | 0.5.2/0.6.1 | 0.- |
    | Windows | Windows Server Standard | 2019/2022 | 27.- ¹ |
    | Windows | Windows Server Standard Core | 2019/2022 | 27.- ¹ |
    | MS SQL | Microsoft SQL Server | Web Edition | 27.70 ² |
    | MS SQL | Microsoft SQL Server | Standard Edition | 442.40 ³ |
    | MS SQL | Microsoft SQL Server | Enterprise Edition | 1'665.60 ⁴ |
    | Linux | Red Hat Enterprise Linux 7 | 7 | see Red Hat |
    | Linux | Fedora AtomicHost | 29 | 0.- |

    ¹ Price for minimum licensing Windows Server (8 Core). Further Windows Server Core license packages: "Windows Server 2 Core License" (CHF 6.75/p.m.)

    ² Price for minimum licensing MS SQL Server Web Edition (4 Core). Further MS SQL Server Core license packages: "MS SQL Server Web Edition 2 Core Licenses" (CHF 13.85/p.m.)

    ³ Price for minimum licensing MS SQL Server Standard Edition (4 Core). Further MS SQL Server Core license packages: "MS SQL Server Standard Edition 2 Core licenses" (CHF 221.20/p.m.)

    ⁴ Price for minimum licensing MS SQL Server Enterprise Edition (4 Core). Additional MS SQL Server Core license packages: "MS SQL Server Enterprise Edition 2 Core Licenses" (CHF 832.80/p.m.)

    The licenses are charged on an hourly basis and are prorated. The above prices are calculated on the basis of a month with 31 days (744 hours).

    Private images

    The customer has the option of uploading their own private images to the Image Management Service or creating them on the basis of a cloud server. Images that are not stored/uploaded in RAW format must be converted in the background when a cloud server is started. To avoid this time-consuming process, images should always be in RAW format. For private images, the customer takes responsibility for the license-compliant usage and technical functionality of the operating system or application.

    Storage

    The virtual storage volume, known as storage, is provided on a scalable, redundant and high-performance NVME-SSD enterprise storage cluster based on Ceph.

    Block Storage (VBS)

    The SSD block storage types are divided into the two volume categories "General Purpose" and "Provisioned" and differ in the number of IOPS provided per volume. A created volume incurs chargeable consumption, regardless of whether a compute resource accesses it or not.

    Provisioned

    The maximum number of IOPS for provisioned block storage is independent of the volume size, but a minimum volume size of 100 GB is required for fair use.

    | Name | SSD block storage type | Ratio IOPS per volume | Throughput MB/s | Volume Cost per GB/h (CHF) | Volume Cost per GB/month (CHF base 744h) |
    |---|---|---|---|---|---|
    | v-ssd-bsc | Provisioned IOPS "Basic" | up to 500 | 50 | 0.00014382 | 0.107 |
    | v-ssd-std | Provisioned IOPS "Standard" | up to 1'000 | 120 | 0.00025887 | 0.193 |
    | v-ssd-medium | Provisioned IOPS "Performance" | up to 2'000 | 180 | 0.00035954 | 0.268 |
    | v-ssd-high | Provisioned IOPS "High-Performance" | up to 3'500 | 215 | 0.00050336 | 0.375 |
    | v-ssd-ultra | Provisioned IOPS "Ultra-High-Performance" | up to 5'000 | 250 | 0.00071909 | 0.535 |

     
    General Purpose

    With general purpose block storage, the maximum available disk IOPS increase dynamically with the size of the volume. Two progression levels with different ratio IOPS are currently offered.

    Calculation example 1: Moderate increase in IOPS per GB volume: 400GB * 5 IOPS = 2,000 IOPS
    Calculation example 2: Significant increase in IOPS per GB volume: 400GB * 25 IOPS = 10,000 IOPS

    | Name | SSD block storage type | Ratio IOPS per GB | Throughput KiB/s per GB | Volume Cost per GB/h (CHF) | Volume Cost per GB/month (CHF base 744h) |
    |---|---|---|---|---|---|
    | v-ssd-dynb | Dynamic IOPS "Basic" | 5 (up to max. 10,000 IOPS per volume) | 800 (75 to max. 250MB/s) | 0.00017977 | 0.134 |
    | v-ssd-dynx | Dynamic IOPS "Excellent" | 25 (up to max. 20,000 IOPS per volume) | 1,024 (100 to max. 500MB/s) | 0.00035954 | 0.268 |


    Note

    Up to 24 block storage volumes can be assigned to each OpenStack Cloud Server, whereby the volume block storages can be of different types. The maximum size of a single volume is currently limited to 20TB.

    Object Storage Service

    The Object Storage Service is an object-based data storage service. It can be accessed over the Internet via HTTPS and the widely used APIs S3 and Swift. Object Storage offers the option of creating, retrieving and deleting S3 buckets or Swift containers and storage objects. It is possible to control access at the bucket level. Object Storage offers extremely high scalability and at the same time simple but powerful administration. All data sources can be easily connected to Object Storage and large volumes of data can be stored automatically, regardless of whether storage is required for application data, backup, disaster recovery or another business application.

    Volume Backup Service

    The Volume Backup Service or Cinder Backup offers the option of a complete or incremental backup to restore volumes using the Object Storage Service. A backup is a "point-in-time copy" of a volume and is stored in the secondary data center on a highly redundant object storage cluster. The backup can be automated and controlled via the Workflow Service or controlled directly via the Volume Service API.

    Volume Snapshot Service

    The Volume Snapshot Service or Cinder Snapshot offers the option of creating a "point in time copy" of a cloud server instance or a volume. A snapshot of a cloud server instance is transferred to the image service and is used to start a new server based on this snapshot. The snapshot is stored as a private image in the Compute/Images area and billed as an Image Service on an hourly basis. A snapshot of a volume appears on the block storage solution in the OpenStack Management Portal under Volume/Snapshot. A volume snapshot can be converted into a volume (also a bootable volume).

    Network (Neutron)

    Cloud network functions are essential for every virtual server. The central network functions are mapped with the OpenStack "Neutron" service. EveryWare offers a wide range of network functions in the Open Cloud. These enable simple, scalable and secure connection of the compute instances. Any number of private networks, security groups, routers, S2S VPN and load balancing can be operated directly and conveniently in the OpenStack management portal.

    Router

    The compute instances are connected using a virtual router. The virtual router forwards the data packets between networks. It can connect several private networks with each other or with the public network (and therefore the Internet). The network services therefore have public and private IP addresses. Each router is mapped in a highly redundant manner and ensures uninterrupted and high-performance access.

    Site-2-Site VPN (IPsec)

    The VPN service is connected to a router and refers to an endpoint group or a single subnet in order to reach a remote site. After activating this service, you can set up several VPN connections; billing is per VPN connection and is charged per hour. A router is required for this service.

    Floating IPs

    A floating IP is a public IP address that can be assigned to a load balancer or cloud server, for example. A floating IP can only be assigned to the cloud server if the network is connected to the public network (and therefore the internet) via a router. A cloud server with an assigned floating IP can be accessed directly from the Internet via this IP. It is essential to pay attention to the configuration of the security groups. Floating IPs are also required for port forwarding.

    Load Balancer Service (Octavia)

    Highly available Load Balancing as a Service (LBaaS) offers load balancing on the basis of virtual IPs. The OpenStack Octavia Service can also create TLS-terminated HTTPS load balancers in conjunction with the OpenStack Barbican Service (Key Management System). Classic features such as health monitoring, "sticky sessions", non-terminated HTTPS, HTTP and TCP load balancing, as well as advanced functions such as UDP, SNI, client authentication or backend re-encryption, can be implemented with the Octavia Service.

    Octavia concepts

    Load balancer

    The load balancer occupies a Neutron network port and has an IP address that is assigned to a subnet.

    Listener

    Load balancers can wait for requests on several ports. Each of these ports is specified by a listener.

    Pool

    A pool contains a list of members that provide content via the load balancer.

    Member

    Members are servers that serve the data traffic behind a load balancer. Each member is specified by the IP address and the port it uses for data traffic.

    Health monitor

    Members can go offline from time to time, and health monitors divert traffic away from members that are not responding properly. Health monitors are connected to pools.

    Port forwarding

    With this function developed by EveryWare, any number of port or port-range forwardings can be configured in the OpenStack Management Portal. A connection that is received on a specific external port (e.g. 2222) of the virtual router is forwarded to a cloud server instance or virtual machine (VM) on another internal port (e.g. 22).

    Security Groups

    Security groups replace conventional firewalls in modern cloud platforms. While a firewall only seals off entire networks, security groups can be used to secure individual network ports of the instance within a layer 2 network, even against access from the same layer 2 network. This eliminates the need to divide networks into several tiers due to security concerns. Within an OpenStack project, access to instances is defined via security groups.

    Security rules

    Each security group contains one or more security rules. The rules specify in granular detail, by protocol, group (security group) and CIDR, who should have access to whom.
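Because instances with a floating IP or a port forwarding are reachable from the Internet, the rules described above are worth auditing. The following is an added example, not code from EveryWare or OpenStack: it flags ingress rules that admit any source address on sensitive TCP ports. The rule dictionaries use the field names of the Neutron security group rule API; the sample groups, the port list and the `make_rule` helper are constructed for illustration.

```python
import ipaddress

# Ports that should rarely be reachable from any address (assumed list).
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}


def is_world_open(r):
    """True when the rule admits traffic from every source address."""
    if r.get("remote_group_id"):
        return False  # source limited to members of another security group
    prefix = r.get("remote_ip_prefix")
    if prefix is None:
        return True  # neither CIDR nor group set: any source matches
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def exposed_ports(r):
    """Sensitive TCP ports covered by the rule's protocol and port range."""
    if r.get("protocol") not in (None, "tcp", "6"):  # None means any protocol
        return []
    lo, hi = r.get("port_range_min"), r.get("port_range_max")
    if lo is None:  # no range means all ports
        lo, hi = 1, 65535
    if hi is None:
        hi = lo
    return [p for p in SENSITIVE_PORTS if lo <= p <= hi]


def audit(groups):
    """Return sorted (group, port, service) findings for world-open ingress."""
    findings = set()
    for sg in groups:
        for r in sg["security_group_rules"]:
            if r["direction"] == "ingress" and is_world_open(r):
                for port in exposed_ports(r):
                    findings.add((sg["name"], port, SENSITIVE_PORTS[port]))
    return sorted(findings)


def make_rule(direction, protocol=None, ports=None, cidr=None, group=None):
    """Hypothetical helper that builds a rule dict with Neutron field names."""
    lo, hi = ports if ports else (None, None)
    return {"direction": direction, "protocol": protocol,
            "ethertype": "IPv6" if cidr and ":" in cidr else "IPv4",
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": cidr, "remote_group_id": group}


# Constructed sample: four security groups of one project.
SAMPLE_GROUPS = [
    {"name": "web", "security_group_rules": [
        make_rule("ingress", "tcp", (443, 443), cidr="0.0.0.0/0"),
        make_rule("ingress", "tcp", (22, 22), group="sg-bastion-id"),
        make_rule("egress")]},
    {"name": "bastion", "security_group_rules": [
        make_rule("ingress", "tcp", (22, 22), cidr="203.0.113.0/24")]},
    {"name": "legacy-db", "security_group_rules": [
        make_rule("ingress", "tcp", (3306, 3306), cidr="0.0.0.0/0"),
        make_rule("ingress", "tcp", (3000, 4000), cidr="::/0")]},
    {"name": "jump-old", "security_group_rules": [
        make_rule("ingress", "tcp", (22, 22))]},  # no CIDR, no group
]

if __name__ == "__main__":
    for name, port, service in audit(SAMPLE_GROUPS):
        print(f"{name}: {service} (tcp/{port}) open to any source")
```

The `web` group passes because SSH is limited to members of the bastion group, while `jump-old` is flagged: a rule with neither a CIDR nor a remote group matches every source.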

    Private networks and sub-networks

    Different private networks can be created within a project. The IP address ranges of the associated sub-networks can be freely selected within the framework of RFC 1918.

    Cloud Management and Governance

    A powerful and capable cloud computing platform requires strong governance tools on the one hand and a robust management system on the other. In addition to the OpenStack management portal Horizon, EveryWare offers a Cloud Services Portal with extensive functions. This ensures that the cloud infrastructure can be set up and maintained quickly, flexibly and reliably.

    OpenStack Management Portal

    In the OpenStack Management Portal Horizon, you can manage all your cloud resources from a central location. Cloud resources here means virtual servers, storage volumes and networks. The functions are very extensive and range from deploying a server to configuring a virtual data center with extensive multi-tier network architectures.

    Cloud Services Portal

    With the EveryWare Cloud Services Portal, operation is very simple. In the Cloud Services Portal, you can manage your cloud services such as customers (clients), OpenStack projects (accounts) and user management (IAM) from a central location. Other services include an integrated S3 Management Panel, which can be used to manage S3 buckets, and a Managed Kubernetes Service, with which you can create a Kubernetes cluster in just a few steps. You can also use the Backup Service to automatically back up all volumes in an OpenStack project, or just a few virtual servers within the project, or a few selected volumes. The range of functions and authorizations is based on profiles. Individual dashboard management profiles with individual authorizations can be created and assigned to a user. In principle, a user only ever sees the services for which they are authorized.

    Profiles

    Enterprise Partner

    Manages authorized cloud services, clients and users.

    Client

    Manages authorized cloud services and users.

    User

    A user has one of the above profiles with the corresponding authorizations.

    Orchestration and Automation

    OpenStack supports the control and automation of your cloud resources with a range of tools. These include the OpenStack API, with which you can execute and thus automate all functions of the OpenStack Management Portal at command level. Other supported automation tools are Heat and Mistral.

    OpenStack API

    Use the native OpenStack API to control and automate all your resources. OpenStack Client (also known as OSC) is a command-line client for OpenStack that consolidates access to all OpenStack APIs into a single shell with a unified command structure.

    Orchestration service (Heat)

    This service is based on OpenStack Heat and implements an orchestration engine to launch multiple composite cloud applications based on templates in the form of text files. Use resources efficiently and don't spend time building and tearing down complex environments.

    Workflow Service (Mistral)

    The Workflow Service enables the creation of complex processes that can run on an event or time-controlled basis. For example, this service enables the creation of automated cinder volume backups.

    Of course, you can also create your own templates. Further information and help can be found in the OpenStack HELP pages. You will only be charged for the resources required for creation, such as instances, LoadBalancers, FloatingIP, storage and network traffic.


    Public Cloud Security

    Your data is in safe hands with us. For EveryWare, rock-solid physical and logical security is a matter of course. We are constantly optimizing our measures with regard to redundancy, backup systems and secure access to the data centers we manage and certify. As number 1 in the data center category and number 2 in the cloud services category, we guarantee the security and integrity of your data.

    Identity and access management

    Identity and access management (IAM) is handled by a federated authentication system with the Keystone and Keycloak components. This increases security and convenience for the cloud account.

    Options for users

    • Choose a single login/authentication mechanism (FreeOTP or Google Authenticator) and use it for multiple cloud services

    • Standardized logon/authentication protocol (SAML and OpenID Connect)

    • User-friendly access to cloud services (sign on/off) for multiple services

    • 2-factor authentication (2FA)

    • Application of a password policy for user accounts

    • Logging of account activities

    Application Credentials

    Users can create application credentials to authenticate applications such as Terraform to the OpenStack Keystone service.

    Users can delegate a subset of their user's role assignments within a project to an application credential and grant the application the same or limited authorization for that project. With application credentials, applications authenticate themselves with the application credential ID and a secret string that is not the user's password. In this way, the user's password does not have to be entered in the application configuration.

    Application credentials can be given an expiration date or deleted at any time and independently of the user account.
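The delegation described above can be checked before a credential is created. The following is an added example, not code from EveryWare or OpenStack: it reviews a credential request for the properties named in the text (roles limited to a subset of the user's, an expiration date) and builds the Keystone v3 token request that uses the credential ID and secret instead of the user's password. The 90-day limit, the role names and the sample requests are assumptions made for illustration.

```python
import os
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=90)  # assumed local policy, not an OpenStack limit


def review_request(req, user_roles, now):
    """Return the reasons a credential request is broader than it should be."""
    problems = []
    roles = {r["name"] for r in req.get("roles") or []}
    if not roles:
        problems.append("no roles listed: credential receives all of the user's roles")
    for name in sorted(roles - set(user_roles)):
        problems.append(f"role not held by the user: {name}")
    expires = req.get("expires_at")
    if expires is None:
        problems.append("no expires_at: credential never expires")
    else:
        when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if when.tzinfo is None:  # treat a time without zone as UTC
            when = when.replace(tzinfo=timezone.utc)
        if when <= now:
            problems.append("expires_at is in the past")
        elif when - now > MAX_LIFETIME:
            problems.append("lifetime exceeds 90 days")
    if req.get("unrestricted"):
        problems.append("unrestricted: may create further credentials and trusts")
    return problems


def token_request(env=os.environ):
    """Keystone v3 auth body; ID and secret come from the environment."""
    return {"auth": {"identity": {
        "methods": ["application_credential"],
        "application_credential": {
            "id": env["OS_APPLICATION_CREDENTIAL_ID"],
            "secret": env["OS_APPLICATION_CREDENTIAL_SECRET"],
        }}}}


# Constructed sample data: the user's roles in the project and three requests.
USER_ROLES = {"member", "reader", "load-balancer_member"}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
REQUESTS = {
    "terraform-ci": {"roles": [{"name": "member"}],
                     "expires_at": "2025-03-01T00:00:00Z"},
    "legacy-script": {"unrestricted": True},
    "escalation": {"roles": [{"name": "admin"}],
                   "expires_at": "2025-02-01T00:00:00Z"},
}

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        issues = review_request(req, USER_ROLES, NOW)
        print(name, "->", issues or "ok")
```

Keeping the secret in environment variables rather than in the application configuration file means a leaked repository exposes neither the password nor the credential.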

    Key Management Service (Barbican)

    The Key Management Service (KMS) with Barbican enables the encryption and decryption of the Object Storage Service (S3 SSE-KMS) and the customer's Volume Service. It is also used to create, manage and delete keys and secrets. Alternatively, the customer can use their own keys (Bring Your Own Key). SSL keys can be transferred to the load balancing service via the Key Management Service to enable HTTPS termination.

    Compliance

    Swiss IT service provider

    With 3,000 business customers, EveryWare is the leading Swiss IT service provider with its own data center, network and cloud platforms in the greater Zurich area.

    Engineering know-how

    Specialized engineering know-how and 20 years of expertise in designing, building and operating business-critical platforms are combined with state-of-the-art cloud technologies.

    Practical IT innovations

    100 employees, around 90 % of whom are specialized engineers, make global IT innovations practicable for Swiss companies.

    Cloud Service

    EveryWare's core services are cloud services in the self-service model and managed IT services through to complete IT outsourcing.

    Quality standards in terms of safety

    Internationally recognized quality standards meet the highest demands in terms of performance, availability and security: EveryWare applies the FINMA requirements for bank outsourcing (RS 2018/3) and is certified in accordance with ISAE 3000 Type 2 and ISO 27001.

    Successful transformation projects

    Over 200 successful transformation projects for companies, including banks and insurance companies, and 30 business partners are proof of EveryWare's expertise.