Citrix CloudPlatform works within multiple enterprise strategies and mandates, as well as supporting multiple cloud strategies from a provider perspective. As an initial step beyond traditional server virtualization, many organizations are looking to private cloud implementations as a means to satisfy flexibility while still retaining control over service delivery. The private cloud may be hosted by the IT organization itself, or sourced from a managed service provider, but the net goals of total control and security without compromising SLAs is achieved.For some organizations, the managed service model is stepped up one level with all resources sourced from a hosted solution. SLA guarantees and security concerns often dictate the types of providers an enterprise will look towards. At the far end of the spectrum are public cloud providers with pay as you go pricing structures and elastic scaling. Since public clouds often abstract details such as network topology, a hybrid cloud strategy allows IT to retain control over key aspects of their operations such as data, while leveraging the benefits of elastic public cloud capacity.
Citrix CloudPlatform takes the compute, network and storage resource present in modern data centers and layers on a cloud orchestration layer to provide on demand access to that infrastructure. Within Citrix CloudPlatform an organization can be separate department or business unit within an organization, or for public cloud operators can be customers or resellers of cloud services. Both organizations and direct users interact with Citrix CloudPlatform either through the CloudStack API model, or through the CloudPlatform management UI.
Empower users to “serve themselves”— removing IT from the critical path of the service deliveryAutomate previously labour intensive tasks, helping to reduce IT operation costs and deliver fasterReduces complexity and variability by using standard workloads which ensures consistency with each application and service deploymentRetains visibility into resource allocation and line of business usage on a real-time levelIncreased server/admin ratio and delivers benefits of scale— even if deployed globally
When designing a cloud, the first step should be defining the types of services to be offered. Once those services are understood, they will in turn dictate the implementation details to support them. Citrix CloudPlatform flexibility supports a number of service definitions, and implementation topologies allowing a top down design which can be logically implemented.
The first step in defining service offerings are the compute and disk nodes. A compute node starts with CPU options of speed and quantity of vCPUs, then adds in RAM options. The compute node maps to an underlying template supporting the operating system. This template is the “root” disk for the compute offering. Compute nodes without “root” disks are not supported, but a “root” disk does not need to have a pre-installed operating system. Compute nodes can have multiple “data” data disks to support the service offering, and usage monitoring data is retained by Citrix CloudPlatform.
What is it?Network OfferingsCitrix CloudPlatform fully supports the concept of multi-tenant networks within a data center. It is desirable to allow different classes of service to be provided to the same multi-tenant networks. For example, while the underlying physical wiring may be the same for two tenants, tenant A may only need a simple firewall protection for their website while tenant B may be running a web server farm and requires a scalable firewall solution, load balancing solution, and alternate networks for accessing their database backend. In CloudStack 3.0, these concepts are being rolled out to enable cloud providers to do the following things:Bundle different types of network services into network offerings to be offered to their users.Allow different network service providers to be used on the same network.Offer up-selling to end users who need better class of service on their network.Provide different ways for a network to be accessed by the end users. i.e. via projects.Bundling of network services to be provided on a networkSimilar to Service Offering and Disk OfferingAllows not only network services to be specified but also the provider of the network serviceCreated at CloudStack level by Cloud OperatorFiltered at zone level based on the network service providers available in a zoneCan be upgraded/downgraded by the Cloud CustomerLoad balancer (NetScaler/F5 BIGIP) devices pool per physical networkFirewall (SRX) devices pool per physical networkSupport for multi-vendor (F5 and NetScaler) load balancers on same physical networkNetwork offerings provides choice of dedicated/shared load balancing serviceNetwork is a broadcast domain (Think 192.168.1.1/24)Network characteristics are determined by services providedVirtual network in 2.x is Isolated Network w/ Source NAT ServiceDirect Tagged network in 2.x is Shared Network w/ DHCP ServiceAccount Specific Direct Tagged Network in 2.x is Isolated Network w/ DHCP ServiceBasic Zone concept still appliesNetwork OfferingsThe administrator starts off with deciding the network offerings they want to provide throughout their entire cloud offering. Network Offerings group together a set of network services such as firewall, dhcp, dns, etc.Network Offerings allow specific network service providers to be specified.Network Offerings can be tagged to specifically choose the underlying network.Network Offerings have the following states: Disabled, Enabled, Inactive. All Network Offerings are created in the Disabled state. Once a network offering has been configured to the correct stateCertain Network Offerings are for used by the system only. This means end users cannot see them.Network Offerings can be updated to enable/disable services and providers. Once that is done, it is up to the administrator to reprogram all of the networks that are based on that network offering.Network Offerings tags cannot be updated. However, the tags on the physical networks can be updated and deleted.Citrix CloudPlatform is deployed with three default network offerings for the end users, virtual network offering and shared network offering without security group and a shared network offering with security group.Shared NetworksA Shared Network is a network that can be shared between many different users. Network Isolation on shared networks is done via other means, such as security groups. In pre-3.0, this is the Direct Guest Network. However, in 3.0, this concept is enhanced as follows:Shared Networks are created by the administratorShared Networks can be designated to a certain domainShared Network resources such as VLAN and physical network that it maps to are designated by the administratorShared Networks can have multiple network offerings, allowing an end user to choose the network offering to deploy their virtual machine withShared Networks are isolated by security groupsPublic Network is a shared network that is not shown to the end users.Guest Virtual NetworksA Virtual Network is a network that only the virtual machines of the same end user can be on. This is equivalent to the guest virtual network concept in pre-3.0 releases. Virtual networks have the following properties.Resources such as VLAN are allocated and garage collected dynamically.There is one network offering for the entire network.The network offering can be upgraded or downgraded but it is for the entire network
In this section, we’ll look at the user experience both administrators and users will have through the CloudPlatform management UI. In addition to this UI, Citrix CloudPlatform fully supports both a CloudStack API as well as an AWS like API.
The CloudPlatform management UI is completely web based, and provides access to all Citrix CloudPlatform features. The UI provides management of multiple availability zones from a single console. This includes all the zone configuration items such as Clusters, Pods and Hosts. Domain, account and user management is also covered as is all services definitions. Administrators can view critical system alerts, and see notifications resulting from all administrators in the system.
For users of the cloud infrastructure, the act of creating a new virtual machine instance follows a simple wizard flow. The user first starts by selecting which Zone the VM will be deployed into, then selects the service offering and any additional disks. The last step in the wizard is to select a network topology from the list of options defined for that service, zone and user. Once the instance is defined, the instance is created an the user can access it.
The user dashboard allows users to see at a glance the resources they are consuming. This includes all virtual machines allocated to them, as well as network resources consumed and the latest events for their resources.
Users have direct access to the instances they have deployed. This includes the ability to start/stop VMs, and to destroy them once done. Direct console access is provided, [click] as is the ability to see the resource consumption and overall configuration for the VM. [click] In the event they need to change as aspect of the service offering associated with the instance, they can modify it within the limits defined for their account.
Volumes are the core storage medium for virtual machines. Each virtual machine will have at least one volume, and depending upon the service offering may have additional data volumes associated with it. [click]Creating new templates, perhaps with operating system patches or application stacks installed in them, is done by first creating a snapshot of the volume, then converting that snapshot to a template. The created template can either be public or private.[click]Snapshots for backup purposes can be taken manually or scheduled as required.[click]The entire snapshot history can be viewed for a VM instance
The fundamental unit of account management in Citrix CloudPlatform is a domain. Within a given domain, a cloud operator will create one or more accounts for each customer/department. An account provides an isolation model which separates the offerings and provisioned resources for each account. Accounts have at least one user associated with them, and users are not isolated from each other. Domains can also have sub domains as required, and users can be delegated as administrators of domains. Cloud operators with a reseller model will typically define a domain for each reseller, while private clouds typically have a single domain.
The core components of a Citrix CloudPlatform implementation are:Hosts – Hosts are servers from at least one of the supported virtualization providers. Citrix CloudPlatform fully supports hosts from multiple providers, but does not convert VM images from one hypervisor type to another. Depending on the hypervisor, a “host” may be a higher level concept. For example, in XenServer a Citrix CloudPlatform “host” is equivalent to a XenServer resource pool and the “host” entry is the pool master.Primary Storage – Primary storage is the hypervisor level storage containing the deployed VM storage. Primary storage options will vary by hypervisor, and depending upon the hypervisor selected, CloudPlatform may impose requirements upon it.Cluster – Host groups are combined into Clusters which contain the primary storage options for the Cluster. Primary storage isn’t shared outside of a Cluster. In the case of CloudPlatform, a Cluster in of itself does not imply modification of any clustering concept within the hypervisor. For example, in XenServer a resource pool is a host to CloudPlatform, and CloudPlatform does not create a super set of Cluster functionality for XenServer. Pod -- Host groups are combined first into Clusters and then into Pods. For many customers, a pod represents a high level physical concept like a server rackNetwork – Network is the logical and physical network associated with service offerings. Multiple concurrent network service offerings and topologies can be supported within CloudPlatformSecondary Storage – Secondary storage is the storage system used for template and ISO management. It also is where snapshot events occur.Zone – A zone is a collection pods to form some level of service availability. While Amazon EC2 defines an availability zone as a data center, CloudPlatform keeps the concept more abstract allowing cloud operators to have multiple availability zones within a given data center.Management Server Farm – The CloudPlatform management server farm is a grouping of CentOS/RHEL CloudPlatform servers forming a web farm, with an underlying MySQL cluster database. The management server farm can manage multiple Zones, and can be virtualized.
Support for all NetScaler family of load balancersVPX : virtual load balancer appliance that can run on XenServer, ESXi, Hyper-V with throughput range of 10 Mbps to 3 GbpsMPX : Physical hardware based load balancer appliances with throughput range of 500 Mbps to 500 GbpsSDX : load balancing service delivery platform that can spin up (16-40) VPX instances dynamically with maximum throughput range of 8 Gbps to 50 GbpsAdmin is responsible for VPX appliances life-cycle. Citrix CloudPlatform will treat VPX like MPXCloudPlatform will fully manage the life-cycle of VPX instances created on SDXWill support Round-Robin, Least Connection, Source IP lb algorithmWill support source IP, LB cookie and App-Cookie based session stickinessSupport for both inline and side-by-side configurationsNetScaler Placement LogicCitrix CloudPlatform responsible for allocating a Load balancer device from pool of Load balancer devices in the physical networkA load balancer is chosen with maximum free capacityAuto-provision VPX instances on NetScaler SDX when there is insufficient capacityDestroy VPX instance on NetScaler SDX when no guest network is using it
Primary StoragePrimary storage is used for all active VM storage of both root and data disks. This storage is local to the CloudPlatform Pod and is directly available to the hypervisors hosts in the pod. The two universally supported connection methods are NFS and iSCSI, and CloudPlatform manages these connections. Additionally, options exist for FC and local storage, but these options do vary by hypervisor type. New for CloudStack 3.0 is OpenStack Swift integration.Secondary StorageSecondary storage is used for all template, ISO and volume snapshot activities. This storage is local to each CloudPlatform availability zone and is accessed through the CloudPlatform secondary storage server. This system VM connects to the underlying secondary storage device using NFS.Templates and ISOsTemplates and ISOs are imported into CloudPlatform secondary storage through the use of the storage system VM. The import process is through HTTP. ISOs can be defined as being bootable, and templates must be of a file type which matches hypervisors within the zone. CloudPlatform won’t convert a template from one hypervisor disk format to another.
See hypervisor notes for full detailsXenServerCitrix CloudPlatform includes and entitlement for XenServer Advanced edition. When using XenServer, you will first add the XenServer pool master to CloudPlatform as a host, and CloudPlatform will transparently add all slave hosts to CloudPlatform. Oracle VMLimitations: No snapshot because OVM is using raw format for volumeNo system VM because OVM won’t support Debian guestNeed a helper cluster(xenserver/kvm/vmware)Advantage:Oracle provides lots of templates which have Oracle DB frameworks, applications built in, customer can quickly deploy Oracle serviceCreate templateCreate template from root volume of VMStart system VMAdd a helper cluster(XenServer/KVM/Vmware) before creating any OVM VmThe domain router will automatically be created in helper cluster when creating first OVM instanceNo OVM manager and CloudPlatform mixedOvs-agent will store data in local database on hostSupported OS typeAll Linux/Solaris templates must be from Oracle siteWindows can be installed from ISOOracle Cluster File SystemOracle recommendation solution for using ISCSIUser responsibilitySetup ISCSI device on every hostCreate OCFS2 file system on every deviceCloudPlatform responsibilityConfigure every ocfs2 nodeAdd/Remove node on demandKVMFor KVM, Support is only for RHEL 6 based KVM and Ubuntu 10.04. No other flavors of KVM are supported, including RHEV.vCenter cluster/hostA vCenter cluster is mapped directly to a CloudPlatform cluster under PodA vCenter cluster for CloudPlatform can only belong to one vCenter datacenterWhy?vCenterDatastore used by vCenter cluster is at scope of vCenter datacentervCentervSwitch used by vCenter cluster is at scope of vCenter datacenterSharing vCenter datacenter resource outside of CloudPlatform will be problematicSystem VM bootstrapFirst generation is done by CloudPlatform management serverSecond/beyond generations is done through a running SSVMSSVM (Secondary Storage VM)SSVM for template processingSSVM for VMware volume/snapshot/template operationCommand delegationSystem VM, extension of CloudPlatform management serverResource manager can be running in context of a system VMCommand delegation in CloudPlatform management serverSnapshotsCloudPlatform snapshot is taken at volume basisSnapshot in vCenter is take at VM basisFill the gapTake a VM snapshot, if it is for a detached volume in CloudPlatform, create a worker VMParse VM snapshot meta data, build up disk chain information at volume basisCreate intermediate VM on top of a selected disk chainExport VM (full backup) to secondary storageCleanupsvCentervSwitchvSwitch setup is done through vCenterNIC-bonding is done through vCenterCloudPlatform creates networks (portgroups) dynamicallyCloudPlatform propagates networks across clusterWhy? To support independent VM live migration both in CloudPlatform and vCenterDefault vSwitch portsNot enough, usually needs to extend
These key features are all encompassed within Citrix CloudPlatform
These organizations all have built successful solutions using the flexibility and agility of next generation cloud architectures. Citrix cloud solutions enable these companies to provide the level of service their customers demand. Several of these accounts leverage CloudPlatform and XenServer as part of their overall cloud orchestration strategy.
When a user requests a VM instance, there are several steps performed.The user logs in and selects the desired availability zone for their instance, and then selects the desired template from the list of templates available to them. This is the trigger for the provisioning process.Depending on the instance and zone requirements, optional network services such as routing, dhcp and load balancing are provisioned for the zone. If these services are already provisioned, and can be shared by the user, then shared instances are used; otherwise isolated instances of the network services are used.The template representing the root disk of the VM is copied from the secondary storage for the zone to the primary storage for the cluster. Citrix CloudPlatform attempts to localize services for accounts to as few clusters as possible. This is done partly for security reasons, and partly to ensure optimal performance for provisioned services.If the instance requires any data volumes, the data volumes are created on primary storage for the cluster. Note that the storage preferences for the root volume and data volumes may be different resulting in the volumes occupying different primary storage devices within a given cluster. For example, data disks may have attributes which place them on a primary storage device which is continuously backed up while the root volume might be located on local storage.Citrix CloudPlatform then instructs the host to create and start the instance VM
Citrix CloudPlatform includes and entitlement for XenServer Advanced edition. When using XenServer, you will first add the XenServer pool master to CloudPlatform as a host, and CloudPlatform will transparently add all slave hosts to CloudPlatform.
Limitations: No snapshot because OVM is using raw format for volumeNo system VM because OVM won’t support Debian guestNeed a helper cluster(xenserver/kvm/vmware)Advantage:Oracle provides lots of templates which have Oracle DB frameworks, applications built in, customer can quickly deploy Oracle serviceCreate templateCreate template from root volume of VMStart system VMAdd a helper cluster(XenServer/KVM/Vmware) before creating any OVM VmThe domain router will automatically be created in helper cluster when creating first OVM instanceNo OVM manager and CloudPlatform mixedOvs-agent will store data in local database on hostSupported OS typeAll Linux/Solaris templates must be from Oracle siteWindows can be installed from ISOOracle Cluster File SystemOracle recommendation solution for using ISCSIUser responsibilitySetup ISCSI device on every hostCreate OCFS2 file system on every deviceCloudPlatform responsibilityConfigure every ocfs2 nodeAdd/Remove node on demand
For KVM, Support is only for RHEL 6 based KVM and Ubuntu 10.04. No other flavors of KVM are supported, including RHEV.
vCenter cluster/hostA vCenter cluster is mapped directly to a CloudPlatform cluster under PodA vCenter cluster for CloudPlatform can only belong to one vCenter datacenterWhy?vCenter Datastore used by vCenter cluster is at scope of vCenter datacentervCenter vSwitch used by vCenter cluster is at scope of vCenter datacenterSharing vCenter datacenter resource outside of CloudPlatform will be problematicSystem VM bootstrapFirst generation is done by CloudPlatform management serverSecond/beyond generations is done through a running SSVMSSVM (Secondary Storage VM)SSVM for template processingSSVM for VMware volume/snapshot/template operationCommand delegationSystem VM, extension of CloudPlatform management serverResource manager can be running in context of a system VMCommand delegation in CloudPlatform management serverSnapshotsCloudPlatform snapshot is taken at volume basisSnapshot in vCenter is take at VM basisFill the gapTake a VM snapshot, if it is for a detached volume in CloudPlatform, create a worker VMParse VM snapshot meta data, build up disk chain information at volume basisCreate intermediate VM on top of a selected disk chainExport VM (full backup) to secondary storageCleanupsvCenter vSwitchvSwitch setup is done through vCenterNIC-bonding is done through vCenterCloudPlatform creates networks (portgroups) dynamicallyCloudPlatform propagates networks across clusterWhy? To support independent VM live migration both in CloudPlatform and vCenterDefault vSwitch portsNot enough, usually needs to extend
1. Citrix CloudPlatformTechnical OverviewPowered by Apache CloudStackMay 2012