Software Defined Networking is seeing a lot of momentum these days. With server virtualization solving the virtual machines problem, and large scale object storage solving the distributed storage challenge, SDN is seen as key in virtual networking.
In this talk we don't try to define SDN but rather dive straight into what in our opinion is the core enabler of SDN: the virtual switch OVS.
OVS can help manage VLANs for guest network isolation, and it can re-route any traffic at L2-L4 by keeping forwarding tables controlled by a remote controller (an OpenFlow controller). We show these few OVS capabilities and highlight how they are used in CloudStack and Xen.
Xen Summit presentation of CloudStack and Software Defined Networks. Open vSwitch is the default bridge in Xen and is supported in XenServer and Xen Cloud Platform.
News And Development Update Of The CloudStack Tungsten Fabric SDN Plug-in | ShapeBlue
This talk involved a demo of the Tungsten Fabric Plugin and details what the important features are.
Sven Vogel is a German IT specialist with 15+ years of experience in IT and a member of the Apache Software Foundation. Before he was invited to join the mother foundation, he was the Chairman / VP of Apache CloudStack and an active committer for a few years. He is well known for driving various projects and supporting everyone who needs technological exchange, advice or upskilling. His interest in cloud technologies is both his professional and personal passion, and he looks forward to meeting you to talk about why system-relevant institutions need our help as open source technologists.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
How To Monetise & Bill CloudStack - A Practical Open Approach | ShapeBlue
This talk is for ISPs looking to bill CloudStack resources, and for software developers looking to build a billing solution around CloudStack. This talk looks at covering multiple business and technical use cases (for example: plans, catalogues, flexible billing, tiered offerings, account management, etc.) for running a public cloud and how the same can be achieved using CloudStack. It does not delve into any specific billing system but instead focuses on an open approach to how ACS features can be leveraged to implement billing and monetise CloudStack.
Shiv is the Co-Founder and CTO of IndiQus Technologies Pvt. Ltd. and a CloudStack user turned evangelist since 2013. He loves tinkering on CloudStack and the possibilities it offers. He has deployed multiple public and private clouds running CloudStack in the South Asian region and has also integrated legacy systems with CloudStack. He would love to share his experiences with like-minded professionals.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
High availability of a messaging system is essential. This is especially true for IBM MQ systems which are absolutely critical to the smooth running of many enterprises. IBM MQ Advanced made achieving high availability even easier with Replicated Data Queue Managers. Learn how this and other HA capabilities fit into a system that provides both high availability of the messaging system as a whole and every last piece of critical messaging data that you care about.
IBM MQ and Kafka, what is the difference? | David Ware
Message queueing solutions used to be the one general purpose tool used for all asynchronous application patterns, then along came event streaming as an application model. To support this effectively needed a whole new approach to how messages are handled by the messaging technology. Now the tables are turned and many are wondering if an event streaming solution can be used for all their asynchronous application patterns from now on. But just as message queueing solutions work in a way to optimize for their core use cases, so do event streaming solutions, and these behaviors directly affect the applications that use them. This session picks IBM MQ and Kafka to look at how they compare and, more importantly, differ in their behavior so that you can decide which application scenarios are best suited by each. Spoiler: they're both good in their own way!
What CloudStackers Need To Know About LINSTOR/DRBD | ShapeBlue
Philipp explains the best performing Open Source software-defined storage software available to Apache CloudStack today. It consists of two well-concerted components: LINSTOR and DRBD. Each of them also has its independent use cases, where it is deployed alone. In this presentation, the combination of these two is examined. They form the control plane and the data plane of the SDS. We will touch on: Performance, scalability, hyper-convergence (data-locality for high IO performance), resiliency through data replication (synchronous within a site, 2-way, 3-way, or more), snapshots, backup (to S3), encryption at rest, deduplication, compression, placement policies (regarding failure domains), management CLI and webGUI, monitoring interface, self-healing (restoring redundancy after device/node failure), the federation of multiple sites (async mirroring and repeatedly snapshot difference shipping), QoS control (noisy neighbors limitation) and of course: complete integration with CloudStack for KVM guests. It is Open Source software following the Unix philosophy. Each component solves one task, made for maximal re-usability. The solution leverages the Linux kernel, LVM and/or ZFS, and many Open Source software libraries. Building on these giant Open Source foundations not only saves LINBIT from re-inventing the wheel, it also empowers your day 2 operation teams since they are already familiar with these technologies.
Philipp Reisner is one of the founders and CEO of LINBIT in Vienna/Austria. He holds a Dipl.-Ing. (comparable to MSc) degree in computer science from Technical University in Vienna. His professional career has been dominated by developing DRBD, a storage replication software for Linux. While in the early years (2001) this was writing kernel code, today he leads a company of 30 employees with locations in Austria and the USA. LINBIT is an Open Source company offering enterprise-level support subscriptions for its Open Source technologies.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Building an Active-Active IBM MQ System | matthew1001
Shows how message availability and service availability can be configured to reduce downtime and improve overall availability of your MQ network. Demonstrates how Uniform Clusters can be used to help keep your service availability high.
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ... | ShapeBlue
Having High Availability enabled for KVM Hosts can improve greatly the QoS by handling (fence/recover) a problematic Host as well as re-starting its stopped VMs on healthy hosts. However, there is a limitation on CloudStack HA for KVM; it relies mainly on NFS heartbeat script checks. This Talk illustrates how CloudStack HA works for KVM hosts and it presents a way of improving its implementation in a way that KVM HA works with any storage system pluggable on KVM, not just NFS.
About Gabriel Brascher - https://blogs.apache.org/cloudstack/
------------------------------------------
CloudStack European User Group Virtual happened on May 27th. The first CSEUG Virtual proved to be a huge success. It collected people from 23 countries – Germany, the United Kingdom, Switzerland, India, Bulgaria, Greece, Poland, Serbia, Brazil, Chile, Russia, USA, Canada, Japan, France, Uruguay, Korea …
We also had a record number of registrations and attendees for a CloudStack User Group Event. The physical distance was not a stopper for our speakers, who joined the event from 6 different countries.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
Intro video here - https://youtu.be/MWsoXPFHY5Q
Can you afford an outage? What happens if one occurs? IBM MQ brings you the capabilities to build active-active solutions for continuous availability and to scale out a system horizontally. This presentation shows you how to use MQ to its fullest, stepping away from single queue managers and utilising MQ clusters and the new Uniform Cluster pattern which automatically keeps your applications balanced, no matter what happens.
Speaker: Chris Du Preez
Host: Angel Alberici
Youtube: Virtual Muleys (https://www.youtube.com/c/VirtualMuleysOnline/videos)
Meetups: https://meetups.mulesoft.com/events/details/mulesoft-online-group-english-presents-runtime-fabric-rtf-foundations/
Runtime Fabric Foundations. Tune in this time to get a full overview of RTF: architecture, learning paths, tips, how to avoid pitfalls and more. Time to learn. Chris Du Preez will be guiding us through this 50-minute session!
Anypoint Runtime Fabric is a container service that automates the deployment and orchestration of Mule applications and API gateways. Runtime Fabric runs within a customer-managed infrastructure on AWS, Azure, virtual machines (VMs), and bare-metal servers. (Find out more: https://docs.mulesoft.com/runtime-fabric/1.7/)
CloudStack allows various life cycle operations for a Virtual Machine (VM). It maintains queues internally, to sync and perform all these operations. This talk briefs about how job queues are maintained in CloudStack, to execute the VM operations, followed by a demo.
Suresh Anaparti is a software architect at ShapeBlue, the largest independent integrator of CloudStack technologies globally. He has over 15 years of end-to-end product development experience in Cloud Infrastructure, Telecom and Geospatial technologies. He is an active Apache CloudStack committer/contributor and is currently working with ShapeBlue. He has been working on CloudStack development for more than 5 years.
-----------------------------------------
The CloudStack European User Group 2022 took place on 7th April. The day saw a virtual get-together for the European CloudStack Community, hosting 265 attendees from 25 countries. The event hosted 10 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
Ansible is a simple open source IT engine which automates application deployment, intra-service orchestration, cloud provisioning and many other IT tools. We will discuss what Ansible is, its features, architecture, writing Ansible playbooks, Ansible roles and Ansible vs Chef.
Presentation by Hugo Trippaers from Schuberg Philis, in which he talks about Software Defined Networking and its application in cloud computing. Hugo implemented the integration of the Nicira private gateway in Apache CloudStack. He also covers MidoNet from Midokura, the BigSwitch virtual wit and the native SDN controller in CloudStack, which uses GRE tunnels. SDN allows virtual networks to be configured and managed dynamically, which allows for easy provisioning of tenants' networks in the cloud.
CloudStack comes with a built-in SDN controller. One way of implementing SDN is to build overlay networks in the Data Center. This slideshow explains how CloudStack builds and maintains GRE tunnel overlays to provide scalable multi-tenant networking for cloud deployments.
After two years, a CloudStack Meetup was held on Aug 6 to understand the simplicity of CloudStack, drill down into optional Secondary Storage, see how it fares against OpenStack, and watch a detailed demo of the VPC feature of CloudStack.
Hongxin Hu
Delaware State University
Research Track Session Part 1
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
NFV promises to do to carrier networks what Cloud has done to enterprise computing. NFV has been a part of CloudStack in order to scale and perform effectively. This presentation gives an overview of how and why NFV is used in CloudStack. This was presented at the NFV and SDN Summit on March 20, 2014 in Paris
Cloud native apps running in containerised environments look set to change the way compute resources are consumed. However, this presents challenges to Cloud Service providers who have already invested heavily in IaaS offerings based on the virtual machine model. We will discuss these challenges, look at the services that end-users will demand and how major public cloud providers have overcome these challenges. We will then showcase an exciting new project that gives a simple method for operators to deploy Containers as a Service to their end-users, based on Apache CloudStack.
Overview of OpenStack nova-networking evolution towards Neutron. Architecture overview of OVS plugin, ML2, and MidoNet Overlay product. Overview and example of Heat templates, along with automation of physical switches using Cumulus
Open stack networking_101_update_2014-os-meetupsyfauser
This is the latest Update to my OpenStack Networking / Neutron 101 Slides with some more Information and caveats on the new DVR and Gateway HA Features
Quantum - Virtual networks for Openstack | salv_orlando
An overview of Quantum, the soon-to-be default Openstack network service.
These slides introduce Quantum and its design goals, and discuss the API. They also try to address how Quantum relates to Software Defined Networking (SDN).
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization... | Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanisms. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly-scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
Integrating OpenStack To Existing Infrastructure | Hui Cheng
1. How to integrate OpenStack environment to our existing infrastructure.
2. How to efficiently interconnect the SAE & SWS, while preserving security properties and seamless connection.
3. The challenges we are facing when building & providing OpenStack-based public cloud service and how we solved it.
http://openstackconferencespring2012.sched.org/event/370f9d74a4e9e938a7f6f1e2af0958fe?iframe=yes&w=990&sidebar=no&bg=no#?iframe=yes&w=990&sidebar=no&bg=no#sched-body-outer
Understanding and deploying Network Virtualization | SDN Hub
Analogous to server virtualization, Network Virtualization decouples and isolates virtual networks (i.e. tenant) from the underlying network hardware. One of the key value propositions of Software-Defined Networking (SDN) is to enable the provisioning and operation of virtual networks. This tutorial motivates the need for network virtualization, describes the high-level requirements, provides an overview of all architectural approaches, and gives you a clear picture of the vendor landscape.
Previously presented at ONUG Fall 2013 and Spring 2014.
In Infrastructure-as-a-Service (IAAS) clouds, Xen is a popular choice of hypervisor. While the Xen hypervisor has strong isolation, integrating with the cloud infrastructure environment (switches, routers, load balancers, firewalls, ip address allocation) requires additional work by the IAAS cloud management platform (CMP) to achieve this. We will look at various solutions such as network virtualization, SDN, network function virtualization and L3 isolation that work with the Xen hypervisor, in the context of the Apache CloudStack IAAS platform. Attendees will come away with an understanding of the challenges of network isolation, how Apache CloudStack solves some of the scaling issues and the future of Xen-based clouds.
Deploying Apache CloudStack from API to UI | Joe Brockmeier
For most organizations with a large computing footprint, it's not a matter of if you'll need a private cloud - it's when, and what kind. One of the most mature and widely deployed options is Apache CloudStack, a robust, turnkey cloud that includes everything you need to set up a private, public, or hybrid cloud. We'll cover Apache CloudStack from API to UI, and a little of everything in between.
A look at cloud network virtualization requirements, several implementation options, a retrospective on Neutron, and a presentation of the state of the art of Network Virtualization Overlays.
A look at kubeless a serverless framework on top of kubernetes. We take a look at what serverless is and why it matters then introduce kubeless which leverages Kubernetes API resources to provide a Function as a Services solution.
Intro to coreOS linux distributions and how it can be used to run docker based workloads in the cloud.
coreOS instances can be started in a cloudstack cloud, it makes use of cloud-init basics to
A look at clouds and big data trends and history. While Big Data arrived first on the scene (looking at Google File System, Hadoop, Dynamo), Cloud was first in the hyper cycle. Google trends show this clearly. Amazon AWS however has already deployed analytics services on their cloud while open source IaaS solutions are still struggling to deliver an EC2 clone. Cloud and Big Data have three common points: 1) use an EC2 clone and an S3 clone (riakCS, glusterfs etc) to build a cloud; 2) use a big data solution as a backend to your cloud to provide EBS or a large scale image catalogue; 3) deploy big data solutions on your cloud with tools like apache whirr, pallet, and newer devops tool chains with vagrant and co.
A presentation on Software Defined Networking, its concepts and application in cloud computing. I gave this presentation at OSCON 2013 in Portland: http://www.oscon.com/oscon2013/public/schedule/detail/31391. It starts with an introduction about SDN and some key concepts from the whitepaper at the Open Networking Foundation (ONF), I explain how OpenFlow and SDN differ, openflow being a standard protocol to control network devices. I then go on to review the many controllers out there and introduce a few key ones like floodlight, opendaylight, nicira. I give an overview of SDN integration in cloudplatform; opennebula, openstack and cloudstack and then gave a quick demo of the OpenDayLight controller.
My introduction slides from Build a Cloud Day Paris, the full recap of the event is available at http://buildacloud.org/blog/269-a-recap-from-bacd-paris.html. We had over 70 people attend this event where users of cloudstack, integrators and ecosystem partners presented how they work with cloudstack. iKoula, a service provider in Paris, showed how they created a cloud offering, Usharesoft showed how they can enhance image management and publish templates in cloudstack, Apalia showed how they have deployed cloudstack in multiple enterprises. Amysta showed how their products give you very detailed billing information for your cloud. INRIA presented their private cloud for a continuous integration platform for France research community and btrcloud showed how they developed a plugin to provide advanced VM scheduling in your datacenter.
All presentations showed the various components of a cloud infrastructure. In these slides I also show how the Apache Software Foundation can be the base of your cloud and big data infrastructure since all components are under the ASF: CloudStack, hadoop, libcloud, jclouds, whirr, Stratos, Storm etc...
CloudStack / Saltstack lightning talk at DevOps Amsterdam, Sebastien Goasguen
This is my lightning talk from DevOps days Amsterdam on June 14th. I present a quick hack I did during LinuxTag Berlin. Saltstack is an alternative to Puppet and Chef; written in Python, it has an active community and is easy to use. Saltstack has a cloud client called salt-cloud which can use apache libcloud to interact with Cloud providers. I created a cloudstack driver in saltstack and patched libcloud to be able to use salt on a CloudStack cloud. This talk lasted 5 minutes as per the rules of DevOps Lightning talk.
This is an early version of a deck I am working on to describe the clients and tools that you can use with CloudStack. CloudMonkey is covered in another presentation, apache libcloud is a python package which provides abstractions to many cloud providers, deltacloud is a ruby abstraction layer similar to libcloud which provides a standard CIMI frontend, jclouds is a leading abstraction for java applications. Apache Whirr builds on jclouds to provide on-demand big data infrastructure on clouds.
All tools are within the Apache Software Foundation, either top level projects or in the incubator (jclouds). This makes the ASF a one stop shop for your cloudplatform, your big data solution and your cloud clients. With Stratos from WSO2 joining the incubator, this means that the ASF now has a PaaS solution, completing the cloud ecosystem. One foundation, clear governance and processes, IaaS, BigData, PaaS and clients.
This is a presentation of CloudMonkey, the Apache CloudStack CLI and interactive shell. Entirely written in Python, it features auto-completion, history, help, colored output, optional prompt, raw api calls, api discovery, tabularized output. See the screencast at http://youtu.be/y6wX4UhJ_Vg
Perfect tool for sys admins to manage their cloud from the comfort of the command line. Perfect tool for developers to test new API and services on top of the CloudStack API.
A walk through of the CloudStack API. full screencast available at http://www.youtube.com/watch?v=ZPfm2EksIbc
An API to your cloud orchestrator is key to automation of your data center.
We go through the basics of Query API calls, unauthenticated on the integration port and authenticated calls using the access and secret keys of a user and computing a signature. We show how to compute a signature in Python.
We also highlight various CloudStack clients in many different languages (java, php, ruby, clojure etc.) and show how to explore the API using the firebug console in firefox or via the CloudStack interactive shell cloudmonkey. This is a good complement to my talk on CloudMonkey.
A description of a few CloudStack projects proposed for the 2013 Google Summer of Code.
The Apache Software Foundation (ASF) is a mentoring organization for the google summer of code 2013. Apache CloudStack being a top level project at the ASF has proposed several projects for GSOC. Interested students should review those projects, engage on the CloudStack mailing list and submit a proposal.
The best proposals could get awarded and the students would join the GSOC program from ~June till the end of september.
A quick intro to DevCloud the CloudStack sandbox, and how to use CloudMonkey to manage your cloud.
DevCloud is a virtualbox image that contains the CloudStack source code and that is setup to run the storage infrastructure needed by CloudStack plus the networking setup to build the guest network of the VMs. Tiny Linux instances can be started within the Devcloud VM making use of nested virtualization.
This is a perfect setup to discover cloudstack, give demos and test new codes. It is used to test new releases and verify basic functionality. You can run DevCloud on your laptop and then use the command line interface CloudMonkey to make API calls to your DevCloud instance.
This is the perfect complement to the talk on CloudMonkey and shows the basic functionality of a cloud. Instance creation, snapshots, networking, network offering and AWS EC2 compatibility.
An introduction to version control using git, github and the Apache CloudStack git repository.
Git is a distributed version control system where developers can maintain a working local copy, make local changes and push to a central repository to share their code with other developers. Git has replaced SVN and CVS as the version control system of choice, especially with the adoption of github by the OSS community.
In this talk we show the basics of version control, we use gist from github to put simple scripts under version control and submit patches to it. We then show how to clone the cloudstack repository, explore the various feature and release branches. We then show how to create a patch and submit it to the Apache Software Foundation review board so that a committer of the CloudStack community can pick it up and apply it to the source tree.
This is the perfect talk to discover git and submit your first patch to CloudStack.
CloudStack and SDN
1. Xen*, SDN and Apache Cloudstack
Sebastien Goasguen,
Apache CloudStack Citrix EMEA
August 28th 2012
Xen Summit
2. Outline
• A bit about CloudStack
• A bit about SDN
• A bit about OpenVswitch
• Some bits about “SDN” in CloudStack
• Slides are on slideshare for download:
http://www.slideshare.net/sebastiengoasguen/cloudstack-and-sdn
3. Apache CloudStack
• IaaS solution to build a private/public cloud
• Hypervisor agnostic:
– Xen, XS, XCP
– KVM
– VMware
• Object store support
– Swift
– Upcoming support from Caringo
• EC2/S3 compatibility
• Java application
• Ant build but moving to maven (via new contributor)
• First Apache release 4.0 coming Sept 26th
4. Participating in CloudStack
• Apache incubator project
• http://www.cloudstack.org
• #cloudstack on irc.freenode.net
• @CloudStack on Twitter
• http://cloudstack.org/discuss/mailing-lists.html
Welcoming contributions and feedback, Join the fun !
6. NaaS ?
• “Cloud Servers”
– On-demand, Elastic, Measured server provisioning
• Cloud Storage
– Scalable/fault tolerant storage with object stores
• Cloud Networks
– How to do on-demand, elastic, measured
networking provisioning ?
– How to program the network ?
7. A very extensive API
• CloudStack orchestrates
your network:
– Provisioning
– Configuration
– Updates
• For multi-tenants
isolation
• Using hardware and
software devices
• At scale: O(10^4) Hyp,
O(10^5) VMs…
8. Software Defined Networking
• Enable innovation, experimentation,
optimization and customization of networks
• Move control of the network to software. i.e
Programmable network
• Virtualize the network
• Vendor-agnostic, standard protocol for
control: OpenFlow
9. OpenFlow
• Leading SDN protocol
• Decouples control and data plane by giving a controller the ability to install flow rules on switches.
• Hardware or software switches can use OpenFlow
• Spec driven by ONF
• Google achieved 95% utilization of WAN backbone by using SDN
10. OpenFlow
• OpenFlow rules can drop, rewrite, forward packets
• A flow table entry has three parts: Rule, Action, Stats
– Rule (match fields): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
– Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
– Stats: Packet + byte counters
Diagram Src: http://www.openflow.org/wp/documents/
11. OF Controllers
• Several controllers out
there (NOX,
POX,Trema…)
• Floodlight from Big
Switch. Apache license
12. OpenVSwitch
• “Open vSwitch is a
production quality,
multilayer virtual switch
licensed under the open
source Apache 2.0
license. It is designed to
enable the massive
network automation
through programmatic
extension…”
13. OpenVSwitch
• Default bridge in XenServer
and XCP
• Supported in Xen but not
integrated in toolstack
• Enables:
– VLAN tagging
– Rate limiting
– GRE tunnels
– OpenFlow controller
– …
• High Performance
( http://networkheresy.com/category/
14. e.g OVS rate limiting
• Can enforce QoS with rate limiting controls
• ovs-vsctl set Interface tap0 ingress_policing_rate=1000
• ovs-vsctl set Interface tap0 ingress_policing_burst=100
16. e.g OVS and GRE tunnels
• No Cookbook on OVS page
• ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.152
17. OVS and Openflow
• Point OVS switches to an OF controller:
$ ovs-vsctl set-controller br0 tcp:192.168.1.33:6633
• Install rules on switch
– Proactively (before any packet flows)
– Reactively (unknown packets forwarded to controller, who pushes flow mod on switch, then operates at line rate)
• Can do SDN with OpenFlow but also with straight up OVS and managing mappings/rules in CloudStack db.
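The proactive and reactive installation modes above, as an added example that is not part of the original slides: a toy flow table that matches on the header fields listed on slide 10 and consults a controller callback on a table miss. FlowTable, Rule and isolating_controller are hypothetical names, the packets are constructed, and nothing here speaks the OpenFlow wire protocol.

```python
"""Toy model of proactive vs. reactive flow installation (added example).

FlowTable, Rule and isolating_controller are hypothetical names; this models
the behaviour on the slides and does not speak the OpenFlow wire protocol.
"""
from dataclasses import dataclass

# Match fields from slide 10; a field absent from a rule is a wildcard.
FIELDS = ("in_port", "eth_src", "eth_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")


@dataclass
class Rule:
    match: dict          # field -> required value
    action: str          # "output:<port>", "controller", "drop" or "normal"
    priority: int = 0
    packets: int = 0     # the "Stats" column: packet and byte counters
    byte_count: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self, controller=None):
        self.rules = []
        self.controller = controller   # callable(pkt) -> Rule, or None
        self.misses = 0                # packets sent up to the controller

    def install(self, rule):
        unknown = set(rule.match) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.rules.append(rule)
        # Highest priority first; the sort is stable, so ties keep install order.
        self.rules.sort(key=lambda r: -r.priority)

    def process(self, pkt, size=64):
        rule = next((r for r in self.rules if r.matches(pkt)), None)
        if rule is None:
            # Table miss. Reactive mode: the controller decides and pushes a
            # rule, so later packets of the flow never leave the switch.
            self.misses += 1
            if self.controller is None:
                return "drop"          # no controller configured: fail closed
            rule = self.controller(pkt)
            self.install(rule)
        rule.packets += 1
        rule.byte_count += size
        return rule.action


def isolating_controller(mac_table):
    """Policy: forward only when the destination MAC is known on the same VLAN."""
    def decide(pkt):
        match = {"vlan_id": pkt["vlan_id"], "eth_dst": pkt["eth_dst"]}
        port = mac_table.get((pkt["vlan_id"], pkt["eth_dst"]))
        action = "drop" if port is None else f"output:{port}"
        return Rule(match, action, priority=10)
    return decide


def demo():
    # Constructed sample: two tenants (VLAN 100 and 200) on one switch.
    macs = {(100, "aa:00:00:00:00:02"): 2, (200, "bb:00:00:00:00:02"): 3}
    table = FlowTable(controller=isolating_controller(macs))
    # Proactive: installed before any packet flows. Drops DHCP server replies
    # (UDP to port 68) that originate from guest port 4.
    table.install(Rule({"in_port": 4, "ip_proto": 17, "tp_dst": 68}, "drop", 100))
    packets = [
        {"in_port": 1, "vlan_id": 100, "eth_dst": "aa:00:00:00:00:02"},  # miss
        {"in_port": 1, "vlan_id": 100, "eth_dst": "aa:00:00:00:00:02"},  # hit
        {"in_port": 1, "vlan_id": 100, "eth_dst": "bb:00:00:00:00:02"},  # other tenant
        {"in_port": 4, "vlan_id": 200, "eth_dst": "bb:00:00:00:00:02",
         "ip_proto": 17, "tp_dst": 68},                                  # proactive
    ]
    return [table.process(p) for p in packets], table.misses, table.rules


if __name__ == "__main__":
    actions, misses, rules = demo()
    print(actions, "misses:", misses)
```

Only the first packet of each new flow reaches the controller; the cross-tenant destination gets a cached drop rule, so repeated attempts are also handled on the switch.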
18. OpenNebula
• Supports VLAN tagging and rate limiting through “hooks” that call ovs-vsctl
• Scripts executed on an
hypervisor before a VM
is launched
• Potentially also
executed after VM
shutdown for cleanup
• Also supports OpenFlow
19. CloudStack Nicira Support
• https://cwiki.apache.org/confluence/display/CLOUDSTACK/Feature+Nicira+NVP+integration
• By Hugo Trippaers,
Schuberg Philis
20. API key to customization of the
network
• You dream it,
CloudStack orchestrates
it
21. Terminology
Zone: Availability zone,
aka Regions. Could be
worldwide. Different data
centers
Pods: Racks or aisles in a
data center
Clusters: Group of
machines with a common
type of Hypervisor
Host: A Single server
Primary Storage: Shared
storage across a cluster
Secondary Storage:
Shared storage in a single
Zone
22. Physical Network
[Diagram. Labels: Users, Operations, Admin and Cloud API, CloudStack Mgmt Server Cluster, MySQL, Router, Load Balancer, Availability Zone, L3 Core Switch, Access Layer Switches, Servers, Secondary Storage, Pod 1, Pod 2, Pod 3 … Pod N]
Slide from Chiradeep Vittal, http://www.slideshare.net/cloudstack/cloudstack-networking
23. Layer-2 Guest Virtual Network
1 VLAN per guest network
Network Hardware exposing API can be controlled
[Diagram, two panels. Each shows a Guest Virtual Network 10.1.1.1/8 on VLAN 100 with Guest VMs 1 to 4 (10.1.1.1, 10.1.1.3, 10.1.1.4, 10.1.1.5) behind a gateway to the Public Network/Internet. Left panel, “CS Virtual Router provides Network Services”: gateway address 10.1.1.1, public IP address 65.37.141.11, services DHCP, DNS, NAT, Load Balancing, VPN. Right panel, “External Devices provide Network Services”: Juniper SRX Firewall (public IP 65.37.141.11, private IP 10.1.1.111), NetScaler Load Balancer (public IP 65.37.141.112, private IP 10.1.1.112), CS Virtual Router for DHCP, DNS.]
Slide from Chiradeep Vittal, http://www.slideshare.net/cloudstack/cloudstack-networking
24. Opportunity for Xen
• Opportunity to create highly specialized
networking services appliances using
– OpenMirage VMs
– HalVM
• See talks in Monday’s session
25. Networking challenges in a private
Cloud
• Multi-tenants on hypervisors => isolation
between guest networks
• VLANs in the datacenter is hard and limit at
4096 VLANs.
• Hardware switches may not do it very well or
have a lower limit
26. Networking trend
• Move to software switches
• Move to L3 isolation
• Use tunnels between OVS (GRE tech preview)
• Program the network through API
• Encapsulation virtualizes the network,
between overlays on overlays on overlays..
• L3 on L2 on GRE on L3 on L2…
• Then you bring the WAN and you have:
• L3 on L2 on GRE on L3 on L2 on GRE on L3 on
L2 ….Euhhhh !!!
27. Back of the envelope
• ~10,000 hypervisors in your data center
• ~100,000 VMs
– x10 or x100 if you use HalVM or Openmirage.org
• (10,000*9,999)/2 tunnels for a full mesh
– 50x10^6 tunnels to keep track of ?
28. Slide from Chiradeep Vittal
Layer 3 cloud networking
[Diagram: Web VMs grouped in a Web Security Group and DB VMs grouped in a DB Security Group]
Ingress Rule: Allow VMs in Web Security Group access to VMs in DB Security Group on Port 3306
29. L3 isolation with distributed firewalls
[Diagram: Public Internet with public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36, 65.37.141.80; Load Balancer; L3 Core; Pod 1 L2 Switch (10.1.0.1), Pod 2 L2 Switch (10.1.8.1), Pod 3 L2 Switch (10.1.16.1). Pod 1 hosts Tenant 1 VM 1 (10.1.0.2), Tenant 2 VM 1 (10.1.0.3), Tenant 1 VM 2 (10.1.0.4).]
Slide from Chiradeep Vittal
30. L3 isolation with distributed firewalls
[Same diagram, with Pod 3 now also hosting Tenant 1 VM 3 (10.1.16.47) and Tenant 1 VM 4 (10.1.16.85).]
Slide from Chiradeep Vittal
31. L3 isolation with distributed firewalls
[Same diagram, with Pod 3 now also hosting Tenant 2 VM 2 (10.1.16.12) and Tenant 2 VM 3 (10.1.16.21).]
Slide from Chiradeep Vittal
32. A Million Firewalls?
[Diagram: a large field of VMs]
Slide from Chiradeep Vittal
33. Problem:
Manage the state of 100s of thousands of firewalls
Solution:
Well-known software scaling techniques
•Message queues
•Consistency tradeoffs
•Idempotent configuration & retries
CloudStack uses
•special purpose queues
•optimized for large security groups
•eventual consistency for rule updates
Slide from Chiradeep Vittal
34. Problem:
Firewall (iptables) rules explosion on the host firewall
Solution:
Use ipsets:
ipset -N web_sg iptreemap
ipset -A web_sg 10.1.16.31
ipset -A web_sg 10.1.16.112
ipset -A web_sg 10.1.189.5
…
ipset -A web_sg 10.21.9.77
-A FORWARD -p tcp -m tcp --dport 3060 -m set --match-set web_sg src -j ACCEPT
Slide from Chiradeep Vittal
35. Conclusions
• Programmable networking is here
• Software switches are key enabler to network
virtualization
• Opens the door for scalable, on-demand,
ephemeral networks
• OVS is the default switch in Xen, and
supported in XenServer and XenCP.
• CloudStack implements highly scalable
network structures and leverages OVS
capabilities
36. Participating in CloudStack
• Apache incubator project
• http://www.cloudstack.org
• #cloudstack on irc.freenode.net
• @CloudStack on Twitter
• http://cloudstack.org/discuss/mailing-lists.html
Welcoming contributions and feedback, Join the fun !
Editor's Notes
Related VMs are placed into security groups: for example, web vms are placed in the web security group and the db vms are in the DB security group. By default all ingress traffic to the vm is dropped. To allow web vms to communicate to DB vms, the cloud user calls an api to allow access on the database’s tcp port.
Each pod has a different subnet. When a VM is started in a pod, it acquires a free IP in that pod’s subnet. Different tenants can end up in the same pod and hence share the same L2 subnet. Because security groups deny all by default, each VM needs a host-based firewall (embedded in the hypervisor dom0) to enforce this. This also prevents stuff like DHCP and ARP snooping. To prevent attacks, multicast and broadcast are blocked by the firewall.
As a tenant starts more vms, the vms can land in different pods. The cloud user cannot make any assumptions about L2 connectivity between their vms.
As VMs get created and destroyed, CloudStack has to ensure the configuration of the host-based firewalls (iptables) is consistent with the security group rules programmed by the cloud user.
40,000 hypervisors in a data center x 25 vms / hypervisor = 1 million firewalls to be orchestrated by CloudStack
An ipset is a kernel datastructure that can match an ip very efficiently against a large set of ips. For example, using a tree structure, an ip address can be quickly tested for containment. The ipset is supplied to the iptables rule leading to a single iptable rule.
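The ipset approach from slide 34 combined with the idempotent configuration and retries from slide 33, as an added example that is not CloudStack's own code: it compiles security-group membership into ipset commands plus a single iptables rule, and replays the same commands after a simulated mid-run failure. Function names and sample addresses are constructed; it assumes current ipset syntax (`create`/`add`/`del` with `-exist`, set type `hash:ip`) rather than the older `-N`/`-A` `iptreemap` form on the slide, and `apply` only simulates a host.

```python
"""Security group -> ipset commands + one iptables rule (added example)."""
import ipaddress
import re

SET_NAME = re.compile(r"^[A-Za-z0-9_]{1,31}$")   # ipset names: at most 31 chars


def _ips(addresses):
    # Parsing rejects anything that is not a literal IPv4 address, so tenant
    # supplied strings never reach a command line unvalidated.
    return {ipaddress.IPv4Address(a) for a in addresses}


def naive_rules(members, port):
    """One iptables rule per member: rule count grows with group size."""
    return [f"-A FORWARD -p tcp -m tcp --dport {int(port)} -s {ip} -j ACCEPT"
            for ip in sorted(_ips(members))]


def ipset_rule(set_name, port):
    """A single rule, however many members the set has."""
    return (f"-A FORWARD -p tcp -m tcp --dport {int(port)} "
            f"-m set --match-set {set_name} src -j ACCEPT")


def reconcile(set_name, desired, current):
    """Commands that move a host's set from `current` to `desired` membership.

    Every command carries -exist, so replaying the list is harmless.
    """
    if not SET_NAME.match(set_name):
        raise ValueError(f"bad set name: {set_name!r}")
    want, have = _ips(desired), _ips(current)
    cmds = [f"ipset create {set_name} hash:ip -exist"]
    cmds += [f"ipset add {set_name} {ip} -exist" for ip in sorted(want - have)]
    cmds += [f"ipset del {set_name} {ip} -exist" for ip in sorted(have - want)]
    return cmds


def apply(cmds, host_sets, fail_after=None):
    """Simulated host: run commands against a dict of sets, optionally dying midway."""
    for n, cmd in enumerate(cmds):
        if fail_after is not None and n == fail_after:
            raise ConnectionError("agent lost while applying rules")
        _, verb, name, *rest = cmd.split()
        if verb == "create":
            host_sets.setdefault(name, set())
        elif verb == "add":
            host_sets[name].add(rest[0])
        elif verb == "del":
            host_sets[name].discard(rest[0])
    return host_sets


def demo():
    # Constructed membership of the web security group.
    desired = ["10.1.16.31", "10.1.16.112", "10.1.189.5", "10.21.9.77"]
    # Host state with a stale entry left behind by a destroyed VM.
    host = {"web_sg": {"10.1.16.31", "10.1.0.99"}}
    cmds = reconcile("web_sg", desired, host["web_sg"])
    try:
        apply(cmds, host, fail_after=2)      # first attempt dies midway
    except ConnectionError:
        pass
    apply(cmds, host)                        # retry replays the same commands
    # 3306 is the port from the ingress rule on slide 28.
    return cmds, host, len(naive_rules(desired, 3306)), ipset_rule("web_sg", 3306)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

After the retry the host set equals the desired membership, and the stale address of the destroyed VM no longer matches the ACCEPT rule.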