SlideShare a Scribd company logo

CloudStack In Production

Clayton Weise
Clayton Weise

CloudStack has many moving parts, and although we will not get too far into the details of each piece, this will be a general overview of the different components of CloudStack. Some example deployments will be provided, how CloudStack interacts with Xen hosts and KVM hosts, as well as storage, networking, permissions, and usage accounting.

Technology
1 of 14
Download to read offline
CloudStack In Production Considerations & Design
What CloudStack Is ● CloudStack is a cloud management platform (CMP) ○ Hypervisors ○ Layer 2 Network - VLANs / Security Groups / SDN ○ Layer 3 Network - Firewall / Router / VPN / Load Balancer ○ Storage - Primary / Secondary ● CloudStack can be managed via API and/or a pretty Web GUI
What CloudStack Isn't ● CloudStack is not a drop-in replacement for tools such as Virt Manager, XenCenter, and the vSphere Client
CloudStack Hierarchy ● Zone = Datacenter ○ Network mode (basic or advanced) ○ Secondary storage ● Pod = Rack ○ Logical grouping of clusters ● Cluster = Grouping of hosts ○ Shared primary storage ● Host = Server ○ Link-local interfaces (all but VMware) ● Instance = VM
Infrastructure Components ● Management Services (Web UI, API, Database) ● Hosts (Servers) ● Guests (VMs/Instances) ● Primary Storage ○ Where your VMs live ● Secondary Storage ○ Static content -- ISO Images, Snapshots, Templates, etc ● Network Components (switches, VLANs, etc) ○ Switches, VLANs, SDN, virtual routers, external CloudStack managed devices such as Juniper SRX, NetScaler, F5, etc
Primary Storage ● Your VMs run here ● Primary storage is expected to be fault-tolerant, reliable, and performant ● Supported protocols/methods are: ○ Fibre Channel ○ iSCSI ○ CLVM ○ VMFS (VMware only) ○ NFS ○ SharedMountPoint (KVM only) ■ ShareMountPoint can be a cluster-aware filesystem such as OCFS2 or GFS2 ○ Ceph/RBD (KVM only -- very new, and very experimental) ○ Local storage ■ Note: you cannot live-migrate with local storage
Secondary Storage ● Only NFS is supported currently ● Does not need to be as fast or as reliable as primary ● Used to store: ○ Templates ○ Snapshots ○ ISO Images ○ Imported Volumes (temporarily)
How ACS Manages Hosts ● VMware ○ Licensed vCenter is required, individual ESXi hosts can not be managed or accessed by CloudStack ● XenServer, XCP & Xen ○ XAPI is used to manage all Xen based hosts along with a number of other scripts that CloudStack management will deploy ● KVM ○ A combination of cloud-agent (the primary means), libvirt, virsh, and server-side scripts ■ ** Note: Do not run mixed/matched clusters (e.g. Cent and Ubuntu in the same cluster)
CloudStack Network Modes ● Basic Networking Zone ○ Assumes flat public network ○ Assigns public addresses to all instances ○ Uses security groups for guest isolation ○ Less complex configurations and networking ● Advanced Networking Zone ○ VLANs or SDN for guest segregation ○ RFC1918 addresses assigned to instances ○ Security groups not supported ○ VPC supported (virtual private cloud) ○ VPN available (site-to-site and L2TP/IPSec) ○ Inter-VLAN routing (tiered networks) ○ More complex configurations and networking
Host Networking ● Physical interfaces (NICs) ● Tagged interfaces (VLANs) ● Virtual NICs (vNIC on the guest) and their representation on the virtual switch ● Security groups ○ Filtering using ebtables to apply iptables rules within a bridge ● Bridges ○ Know them, love them
Accounts, Domains, Projects, and Users ● Accounts own resources ○ For example: instances, volumes, templates, networks, etc ○ Two accounts, even on the same domain, cannot see each other's resources ● Domains are logical containers for accounts ○ Domains can impose limits on accounts within them ● Users are tied to accounts and are used for authentication ○ Users can access CloudStack via the Web UI and/or API ● Projects own resources and can allow multiple accounts to control/share them same resources ○ One account is delegated the "owner" of the project -- the owner can add/remove other accounts to the project ○ All accounts must be children of the same domain
SDN - Software Defined Networking ● When 4096 VLANs just aren't enough make millions of tunnels instead! ● GRE ○ Simple, universal, supported by Open vSwitch and others ○ GRE has overhead and doesn't correct for it, this can cause problems with packets over 1500 bytes unless tcp adjust mss can be enabled within the tunnel ○ Lightweight, easy to implement and understand ● STT ○ New, promising protocol but not widely implemented ○ No overhead issue ○ Uses TCP offload in NICs to process the tunnel to increase performance
Questions/Discussion Clayton Weise clayton@claytonweise.com Kelcey Jamison-Damage me@kelceydamage.com kelcey@bbits.ca
Thank You

Recommended

Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)GLC Networks
 
Software Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxSoftware Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxGLC Networks
 
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelOSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelNETWAYS
 
Scalable distributed stream_processing
Scalable distributed stream_processingScalable distributed stream_processing
Scalable distributed stream_processingmgarren
 
Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Ioannis Papapanagiotou
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openrestyTavish Naruka
 
Ireland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionIreland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionRemote-Learner UK
 

Recommended

Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)GLC Networks
 
Software Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxSoftware Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxGLC Networks
 
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelOSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelNETWAYS
 
Scalable distributed stream_processing
Scalable distributed stream_processingScalable distributed stream_processing
Scalable distributed stream_processingmgarren
 
Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Ioannis Papapanagiotou
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openrestyTavish Naruka
 
Ireland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionIreland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionRemote-Learner UK
 
SAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGSAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGsoftnsol anusha
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosNETWAYS
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820innov-acts-ltd
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Thang Man
 
Messaging for the cloud
Messaging for the cloudMessaging for the cloud
Messaging for the clouddejanb
 
Dynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDaniel Leon
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in SmalltalkESUG
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreAtin Mukherjee
 
OpenNebula LXD Container Support overview
OpenNebula LXD Container Support overviewOpenNebula LXD Container Support overview
OpenNebula LXD Container Support overviewCSUC - Consorci de Serveis Universitaris de Catalunya
 
State of the_gluster_-_lceu
State of the_gluster_-_lceuState of the_gluster_-_lceu
State of the_gluster_-_lceuGluster.org
 
Guest Agents: Support & Implementation
Guest Agents: Support & ImplementationGuest Agents: Support & Implementation
Guest Agents: Support & ImplementationMirantis
 
Introduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBIntroduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBAdroitLogic
 
SDN Programming with Go
SDN Programming with GoSDN Programming with Go
SDN Programming with GoDonaldson Tan
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTPApcera
 
Third-party software management under BSD
Third-party software management under BSDThird-party software management under BSD
Third-party software management under BSDAndrew Pantyukhin
 
Cloud Standards and CloudStack
Cloud Standards and CloudStackCloud Standards and CloudStack
Cloud Standards and CloudStackSebastien Goasguen
 
Intro to Cloudstack
Intro to CloudstackIntro to Cloudstack
Intro to CloudstackSebastien Goasguen
 
CloudStack for Java User Group
CloudStack for Java User GroupCloudStack for Java User Group
CloudStack for Java User GroupSebastien Goasguen
 
DevCloud and CloudMonkey
DevCloud and CloudMonkeyDevCloud and CloudMonkey
DevCloud and CloudMonkeySebastien Goasguen
 
Apache CloudStack AlpesJUG
Apache CloudStack AlpesJUGApache CloudStack AlpesJUG
Apache CloudStack AlpesJUGSebastien Goasguen
 
CloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesCloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesSebastien Goasguen
 
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebula Project
 

More Related Content

What's hot

SAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGSAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGsoftnsol anusha
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosNETWAYS
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820innov-acts-ltd
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Thang Man
 
Messaging for the cloud
Messaging for the cloudMessaging for the cloud
Messaging for the clouddejanb
 
Dynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDaniel Leon
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in SmalltalkESUG
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreAtin Mukherjee
 
State of the_gluster_-_lceu
State of the_gluster_-_lceuState of the_gluster_-_lceu
State of the_gluster_-_lceuGluster.org
 
Guest Agents: Support & Implementation
Guest Agents: Support & ImplementationGuest Agents: Support & Implementation
Guest Agents: Support & ImplementationMirantis
 
Introduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBIntroduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBAdroitLogic
 
SDN Programming with Go
SDN Programming with GoSDN Programming with Go
SDN Programming with GoDonaldson Tan
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTPApcera
 
Third-party software management under BSD
Third-party software management under BSDThird-party software management under BSD
Third-party software management under BSDAndrew Pantyukhin
 

What's hot (15)

SAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGSAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAINING
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016
 
Messaging for the cloud
Messaging for the cloudMessaging for the cloud
Messaging for the cloud
 
Dynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architecture
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in Smalltalk
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
 
OpenNebula LXD Container Support overview
OpenNebula LXD Container Support overviewOpenNebula LXD Container Support overview
OpenNebula LXD Container Support overview
 
State of the_gluster_-_lceu
State of the_gluster_-_lceuState of the_gluster_-_lceu
State of the_gluster_-_lceu
 
Guest Agents: Support & Implementation
Guest Agents: Support & ImplementationGuest Agents: Support & Implementation
Guest Agents: Support & Implementation
 
Introduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBIntroduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESB
 
SDN Programming with Go
SDN Programming with GoSDN Programming with Go
SDN Programming with Go
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTP
 
Third-party software management under BSD
Third-party software management under BSDThird-party software management under BSD
Third-party software management under BSD
 

Viewers also liked

Cloud Standards and CloudStack
Cloud Standards and CloudStackCloud Standards and CloudStack
Cloud Standards and CloudStackSebastien Goasguen
 
CloudStack for Java User Group
CloudStack for Java User GroupCloudStack for Java User Group
CloudStack for Java User GroupSebastien Goasguen
 
CloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesCloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesSebastien Goasguen
 

Viewers also liked (6)

Cloud Standards and CloudStack
Cloud Standards and CloudStackCloud Standards and CloudStack
Cloud Standards and CloudStack
 
Intro to Cloudstack
Intro to CloudstackIntro to Cloudstack
Intro to Cloudstack
 
CloudStack for Java User Group
CloudStack for Java User GroupCloudStack for Java User Group
CloudStack for Java User Group
 
DevCloud and CloudMonkey
DevCloud and CloudMonkeyDevCloud and CloudMonkey
DevCloud and CloudMonkey
 
Apache CloudStack AlpesJUG
Apache CloudStack AlpesJUGApache CloudStack AlpesJUG
Apache CloudStack AlpesJUG
 
CloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesCloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use Cases
 

Similar to CloudStack In Production

OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebula Project
 
Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019🔧 Loïc BLOT
 
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. MonteroOpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. MonteroOpenNebula Project
 
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookLinux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookDanny Al-Gaaf
 
OpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech dayOpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech dayArthur Berezin
 
OpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. MonteroOpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. MonteroOpenNebula Project
 
99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's Guide99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's GuideDanny Al-Gaaf
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleCumulus Networks
 
CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH Ceph Community
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking ShapeBlue
 
OpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdfOpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdfssuser1490e8
 
The State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStackThe State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStackSage Weil
 
Open stack HA - Theory to Reality
Open stack HA - Theory to RealityOpen stack HA - Theory to Reality
Open stack HA - Theory to RealitySriram Subramanian
 
2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific DashboardCeph Community
 
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSKubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSNATS
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestke4qqq
 
Openstack overview thomas-goirand
Openstack overview thomas-goirandOpenstack overview thomas-goirand
Openstack overview thomas-goirandOpenCity Community
 
DOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloudDOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloudDanny Al-Gaaf
 

Similar to CloudStack In Production (20)

OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
 
Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019
 
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. MonteroOpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
 
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookLinux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
 
OpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech dayOpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech day
 
OpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. MonteroOpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. Montero
 
99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's Guide99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's Guide
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
 
CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
 
OpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdfOpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdf
 
The State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStackThe State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStack
 
Open stack HA - Theory to Reality
Open stack HA - Theory to RealityOpen stack HA - Theory to Reality
Open stack HA - Theory to Reality
 
Apache CloudStack from API to UI
Apache CloudStack from API to UIApache CloudStack from API to UI
Apache CloudStack from API to UI
 
2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard
 
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSKubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWest
 
Openstack overview thomas-goirand
Openstack overview thomas-goirandOpenstack overview thomas-goirand
Openstack overview thomas-goirand
 
DOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloudDOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloud
 

Recently uploaded

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

CloudStack In Production

  • 2. What CloudStack Is ● CloudStack is a cloud management platform (CMP) ○ Hypervisors ○ Layer 2 Network - VLANs / Security Groups / SDN ○ Layer 3 Network - Firewall / Router / VPN / Load Balancer ○ Storage - Primary / Secondary ● CloudStack can be managed via API and/or a pretty Web GUI
  • 3. What CloudStack Isn't ● CloudStack is not a drop-in replacement for tools such as Virt Manager, XenCenter, and the vSphere Client
  • 4. CloudStack Hierarchy ● Zone = Datacenter ○ Network mode (basic or advanced) ○ Secondary storage ● Pod = Rack ○ Logical grouping of clusters ● Cluster = Grouping of hosts ○ Shared primary storage ● Host = Server ○ Link-local interfaces (all but VMware) ● Instance = VM
  • 5. Infrastructure Components ● Management Services (Web UI, API, Database) ● Hosts (Servers) ● Guests (VMs/Instances) ● Primary Storage ○ Where your VMs live ● Secondary Storage ○ Static content -- ISO Images, Snapshots, Templates, etc ● Network Components (switches, VLANs, etc) ○ Switches, VLANs, SDN, virtual routers, external CloudStack managed devices such as Juniper SRX, NetScaler, F5, etc
  • 6. Primary Storage ● Your VMs run here ● Primary storage is expected to be fault-tolerant, reliable, and performant ● Supported protocols/methods are: ○ Fibre Channel ○ iSCSI ○ CLVM ○ VMFS (VMware only) ○ NFS ○ SharedMountPoint (KVM only) ■ ShareMountPoint can be a cluster-aware filesystem such as OCFS2 or GFS2 ○ Ceph/RBD (KVM only -- very new, and very experimental) ○ Local storage ■ Note: you cannot live-migrate with local storage
  • 7. Secondary Storage ● Only NFS is supported currently ● Does not need to be as fast or as reliable as primary ● Used to store: ○ Templates ○ Snapshots ○ ISO Images ○ Imported Volumes (temporarily)
  • 8. How ACS Manages Hosts ● VMware ○ Licensed vCenter is required, individual ESXi hosts can not be managed or accessed by CloudStack ● XenServer, XCP & Xen ○ XAPI is used to manage all Xen based hosts along with a number of other scripts that CloudStack management will deploy ● KVM ○ A combination of cloud-agent (the primary means), libvirt, virsh, and server-side scripts ■ ** Note: Do not run mixed/matched clusters (e.g. Cent and Ubuntu in the same cluster)
  • 9. CloudStack Network Modes ● Basic Networking Zone ○ Assumes flat public network ○ Assigns public addresses to all instances ○ Uses security groups for guest isolation ○ Less complex configurations and networking ● Advanced Networking Zone ○ VLANs or SDN for guest segregation ○ RFC1918 addresses assigned to instances ○ Security groups not supported ○ VPC supported (virtual private cloud) ○ VPN available (site-to-site and L2TP/IPSec) ○ Inter-VLAN routing (tiered networks) ○ More complex configurations and networking
  • 10. Host Networking ● Physical interfaces (NICs) ● Tagged interfaces (VLANs) ● Virtual NICs (vNIC on the guest) and their representation on the virtual switch ● Security groups ○ Filtering using ebtables to apply iptables rules within a bridge ● Bridges ○ Know them, love them
  • 11. Accounts, Domains, Projects, and Users ● Accounts own resources ○ For example: instances, volumes, templates, networks, etc ○ Two accounts, even on the same domain, cannot see each other's resources ● Domains are logical containers for accounts ○ Domains can impose limits on accounts within them ● Users are tied to accounts and are used for authentication ○ Users can access CloudStack via the Web UI and/or API ● Projects own resources and can allow multiple accounts to control/share them same resources ○ One account is delegated the "owner" of the project -- the owner can add/remove other accounts to the project ○ All accounts must be children of the same domain
  • 12. SDN - Software Defined Networking ● When 4096 VLANs just aren't enough make millions of tunnels instead! ● GRE ○ Simple, universal, supported by Open vSwitch and others ○ GRE has overhead and doesn't correct for it, this can cause problems with packets over 1500 bytes unless tcp adjust mss can be enabled within the tunnel ○ Lightweight, easy to implement and understand ● STT ○ New, promising protocol but not widely implemented ○ No overhead issue ○ Uses TCP offload in NICs to process the tunnel to increase performance