CloudStack In Production
 


CloudStack has many moving parts, and although we will not get too far into the details of each piece, this will be a general overview of the different components of CloudStack. Some example deployments will be provided, how CloudStack interacts with Xen hosts and KVM hosts, as well as storage, networking, permissions, and usage accounting.

    CloudStack In Production: Presentation Transcript

    • CloudStack In Production: Considerations & Design
    • What CloudStack Is
      ● CloudStack is a cloud management platform (CMP)
        ○ Hypervisors
        ○ Layer 2 Network - VLANs / Security Groups / SDN
        ○ Layer 3 Network - Firewall / Router / VPN / Load Balancer
        ○ Storage - Primary / Secondary
      ● CloudStack can be managed via API and/or a pretty Web GUI
    • What CloudStack Isn't
      ● CloudStack is not a drop-in replacement for tools such as Virt Manager, XenCenter, and the vSphere Client
    • CloudStack Hierarchy
      ● Zone = Datacenter
        ○ Network mode (basic or advanced)
        ○ Secondary storage
      ● Pod = Rack
        ○ Logical grouping of clusters
      ● Cluster = Grouping of hosts
        ○ Shared primary storage
      ● Host = Server
        ○ Link-local interfaces (all but VMware)
      ● Instance = VM
    • Infrastructure Components
      ● Management Services (Web UI, API, Database)
      ● Hosts (Servers)
      ● Guests (VMs/Instances)
      ● Primary Storage
        ○ Where your VMs live
      ● Secondary Storage
        ○ Static content -- ISO Images, Snapshots, Templates, etc
      ● Network Components (switches, VLANs, etc)
        ○ Switches, VLANs, SDN, virtual routers, external CloudStack managed devices such as Juniper SRX, NetScaler, F5, etc
    • Primary Storage
      ● Your VMs run here
      ● Primary storage is expected to be fault-tolerant, reliable, and performant
      ● Supported protocols/methods are:
        ○ Fibre Channel
        ○ iSCSI
        ○ CLVM
        ○ VMFS (VMware only)
        ○ NFS
        ○ SharedMountPoint (KVM only)
          ■ SharedMountPoint can be a cluster-aware filesystem such as OCFS2 or GFS2
        ○ Ceph/RBD (KVM only -- very new, and very experimental)
        ○ Local storage
          ■ Note: you cannot live-migrate with local storage
    • Secondary Storage
      ● Only NFS is supported currently
      ● Does not need to be as fast or as reliable as primary
      ● Used to store:
        ○ Templates
        ○ Snapshots
        ○ ISO Images
        ○ Imported Volumes (temporarily)
    • How ACS Manages Hosts
      ● VMware
        ○ A licensed vCenter is required; individual ESXi hosts cannot be managed or accessed by CloudStack
      ● XenServer, XCP & Xen
        ○ XAPI is used to manage all Xen-based hosts, along with a number of other scripts that CloudStack management will deploy
      ● KVM
        ○ A combination of cloud-agent (the primary means), libvirt, virsh, and server-side scripts
          ■ Note: Do not run mixed/matched clusters (e.g. CentOS and Ubuntu in the same cluster)
    • CloudStack Network Modes
      ● Basic Networking Zone
        ○ Assumes flat public network
        ○ Assigns public addresses to all instances
        ○ Uses security groups for guest isolation
        ○ Less complex configurations and networking
      ● Advanced Networking Zone
        ○ VLANs or SDN for guest segregation
        ○ RFC1918 addresses assigned to instances
        ○ Security groups not supported
        ○ VPC supported (virtual private cloud)
        ○ VPN available (site-to-site and L2TP/IPSec)
        ○ Inter-VLAN routing (tiered networks)
        ○ More complex configurations and networking
    • Host Networking
      ● Physical interfaces (NICs)
      ● Tagged interfaces (VLANs)
      ● Virtual NICs (vNIC on the guest) and their representation on the virtual switch
      ● Security groups
        ○ Filtering using ebtables to apply iptables rules within a bridge
      ● Bridges
        ○ Know them, love them
    • Accounts, Domains, Projects, and Users
      ● Accounts own resources
        ○ For example: instances, volumes, templates, networks, etc
        ○ Two accounts, even on the same domain, cannot see each other's resources
      ● Domains are logical containers for accounts
        ○ Domains can impose limits on accounts within them
      ● Users are tied to accounts and are used for authentication
        ○ Users can access CloudStack via the Web UI and/or API
      ● Projects own resources and can allow multiple accounts to control/share the same resources
        ○ One account is designated the "owner" of the project -- the owner can add/remove other accounts to the project
        ○ All accounts must be children of the same domain
    • SDN - Software Defined Networking
      ● When 4096 VLANs just aren't enough, make millions of tunnels instead!
      ● GRE
        ○ Simple, universal, supported by Open vSwitch and others
        ○ GRE has overhead and doesn't correct for it; this can cause problems with packets over 1500 bytes unless TCP MSS adjustment (tcp adjust mss) can be enabled within the tunnel
        ○ Lightweight, easy to implement and understand
      ● STT
        ○ New, promising protocol but not widely implemented
        ○ No overhead issue
        ○ Uses TCP offload in NICs to process the tunnel to increase performance
    • Questions/Discussion
      ● Clayton Weise - clayton@claytonweise.com
      ● Kelcey Jamison-Damage - me@kelceydamage.com, kelcey@bbits.ca
    • Thank You