This document summarizes CloudStack networking features and architecture. CloudStack provides orchestration of network services like IPAM, DNS, firewalls, load balancing, and VPN. It supports various network isolation techniques including VLANs, L3 isolation, and overlay networks. The CloudStack virtual router provides default network services, and external devices can also be integrated. CloudStack networking supports advanced configurations including multi-tier networks, bring your own services, and software defined networking.
CloudStack - Top 5 Technical Issues and Troubleshooting - ShapeBlue
CloudStack top 5 technical issues and troubleshooting. CloudStack is a mature product in use by companies worldwide. While being associated with CloudStack development for over 5 years, Abhi has come across some technical issues that once in a while affect a CloudStack deployment. This presentation is an effort to put together the top 5 such issues, analyze their symptoms, see them from the CloudStack architecture perspective and from the distributed nature of cloud orchestration, then look at ways to avoid them and finally be able to troubleshoot them if they occur.
In this talk, Vladi looks at the new Volume encryption option (due in CloudStack 4.18). He presents the new ability to use encrypted root and data volumes on different storage types, the benefits and the current limitations of the implementation.
Vladimir Petrov is a QA engineer with more than 20 years of experience in the IT field. He has been using and testing Apache CloudStack for almost 3 years now. He currently works as a QA Engineer at ShapeBlue.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Building a redundant CloudStack management cluster - Vladimir Melnik - ShapeBlue
Building a redundant CloudStack management cluster. Building and maintaining an open-source-driven clustered environment for Apache CloudStack management server with GNU Linux, HAProxy, HeartBeat, Bind, OpenLDAP and other tools.
In this session, Lucian talks about monitoring CloudStack and its related components. What are the best practices and what do you need to track closely to ensure your cloud reliability.
Lucian is a long-time sysadmin and Apache CloudStack user and contributor. He has a background in hosting, virtualisation and datacentre operations, but is now working full time on CloudStack.
VM Autoscaling With CloudStack VR As Network Provider - ShapeBlue
In this talk, Wei looks at the new VM autoscaling functionality in CloudStack (due for the 4.18 release) that gives VM autoscaling without relying on any external devices.
Wei Zhou is a committer and PMC member of Apache CloudStack project, and works for ShapeBlue as a Software Architect.
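Sharing lessons learned from operating OpenStack.
Table of contents
1. TOAST Cloud as it is today
2. Why we chose OpenStack
3. Configuration difficulties and how we overcame them
4. Use cases
5. Problems still to be solved
Audience
- Those who want to use TOAST Cloud
- Those hearing about WMI for the first time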
Docker Networking with New Ipvlan and Macvlan Drivers - Brent Salisbury
Docker Networking presentation at ONS2016.
Docker Macvlan and Ipvlan Networking Drivers Experimental Readme:
github.com/docker/docker/blob/master/experimental/vlan-networks.md
The kernel requirement for Ipvlan mode is v4.2+; for Macvlan mode it is v3.19.
If using VirtualBox to test with, use NAT mode interfaces unless you have multiple MAC addresses working in your setup. Use the 172.x.x.x subnet and gateway used by the VBox NAT network. VMware Fusion works out of the box.
Here is a screenshot of a VirtualBox NAT interface:
https://www.dropbox.com/s/w1rf61n18y7q4f1/Screenshot%202016-03-20%2001.55.13.png?dl=0
Dag Sonstebo. Dag will give an overview of the pros and cons of working with KVM in a CloudStack environment, as well as diving deeper into installation, configuration, networking and storage options.
PPTV is using CloudStack 3.0.2 in its production environment. Currently there are more than 150 hosts, and they migrate their apps to the cloud every day (10 hosts per day). At the end of 2013, there will be more than 1000 hosts in a CloudStack environment.
Dimsi have developed a backup solution for Virtual Machines based on KVM hypervisors. Every layer of the product uses Open Source libraries or components (Python, VueJS, Celery, Borg Backup, Redis, Socketio, Flask). There is no agent needed on the VMs. Dimsi have implemented a feature to group the hosts based on their use (CloudStack Hosts or Management Hosts) and apply specific policies to the groups. In the CloudStack context, this product can help you back up and restore all your VMs easily if the hypervisors are KVM-based. Moreover, restoring the VMs is effortless because KVM and CloudStack use the same id for the VM disks, so there is no need to hack the database to match them.
Quentin Roccia: Senior DevOps engineer, Cloud enabler
Quentin is in charge of DIMSI custom developments on top of Apache CloudStack deployments: customer portal, backup solutions.
On a daily basis, he helps our customers to build and improve their DevOps strategy, including GitLab, CloudStack APIs and Python development.
Quentin is the main contributor to the KVM backup solution.
Joffrey Luangsaysana: Senior Cloud engineer, Platform specialist
Joffrey is responsible for our core platform, including compute, storage, networking, and Apache CloudStack services.
He is focused on providing maximum performance and uptime to our customers, and dedicated to guaranteeing fast and reliable backup of customer VMs.
-----------------------------------------
The CloudStack European User Group 2022 took place on 7th April. The day saw a virtual get-together for the European CloudStack Community, hosting 265 attendees from 25 countries. The event hosted 10 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
4.17.0 is the latest Apache CloudStack major release. In this talk, Nicolas goes through the new features introduced in this version from an administrator/user perspective, explaining their benefits and the problems those features resolve. He also ran a live demo to see the new features in action.
Nicolas Vazquez is a Senior Software Engineer at ShapeBlue and is a PMC member of the Apache CloudStack project. He spends his time designing and implementing features in Apache CloudStack and can be seen acting as a release manager also. Nicolas is based in Uruguay and is a father of a young girl. He is a fan of sports, enjoys playing tennis and football. In his free time, he also enjoys reading and listening to economic and political materials.
CloudStack, the world's leading open-source cloud infrastructure platform, was recently donated to the Apache Foundation, and is now an incubated Apache project. Ewan Mellor, Director of Engineering in the Citrix Cloud Platforms Group will describe the CloudStack project and explain why Xen is the pre-eminent hypervisor in public clouds today. He will describe the changes coming in CloudStack in the next 12 months, and how they are going to change the way that Xen is consumed in public and private clouds next year.
Software Defined Networking is seeing a lot of momentum these days. With server virtualization solving the virtual machines problem, and large scale object storage solving the distributed storage challenge, SDN is seen as key in virtual networking.
In this talk we don't try to define SDN but rather dive straight into what in our opinion is the core enabler of SDN: the virtual switch OVS.
OVS can help manage VLANs for guest network isolation, and it can re-route any traffic at L2-L4 by keeping forwarding tables controlled by a remote controller (OpenFlow controller). We show these few OVS capabilities and highlight how they are used in CloudStack and Xen.
Xen Summit presentation of CloudStack and Software Defined Networks. Open vSwitch is the default bridge in Xen and supported in XenServer and Xen Cloud Platform.
Overview of OpenStack nova-networking evolution towards Neutron. Architecture overview of OVS plugin, ML2, and MidoNet Overlay product. Overview and example of Heat templates, along with automation of physical switches using Cumulus
Technical Presentation about the MidoNet architecture and in-depth discussion about MidoNet features like Distributed Layer 2 Switching, Distributed Layer 3 Routing, Firewall, NAT and Distributed Flow State.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
Presenter: Taku Fukushima, Midokura Engineering
Prairie DevCon - What's New in Hyper-V in Windows Server "8" Beta - Part 2 - Damir Bersinic
This is the second of a 2-part series delivered at Prairie DevCon in Calgary on March 15, 2012. The sessions provided a quick overview of the new features of Hyper-V in Windows Server "8" Beta and how these compare to VMware vSphere 5.
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX - VMworld
VMworld 2013
Rajiv Krishnamurthy, VMware
Manish Mittal, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Network and Service Virtualization tutorial at ONUG Spring 2015 - SDN Hub
Tutorial at ONUG Spring 2015 on Network and Service Virtualization. The tutorial covers three converging trends 1) Network virtualization, 2) Service virtualization, 3) overlay networking for Docker and OpenStack. The talk concludes with pointers to the hands-on portion of the tutorial that uses LorisPack, and the operational lessons learned.
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization... - Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanisms. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and the process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly-scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
Build clouds the way some of the world’s biggest public and private clouds are built—using CloudStack. This 60-minute webinar with the CloudStack team will help you gain a better understanding of the CloudStack architecture and feature set.
“Apache Hadoop, Now and Beyond”, Jim Walker, Director of Product Marketing, Hortonworks
Hadoop is an open source project that allows you to gain insight from massive amounts of structured and unstructured data quickly and without significant investment. It is shifting the way many traditional organizations think of analytics and business models. While it is designed to take advantage of cheap commodity hardware, it is also perfect for the cloud as it is built to scale up or down without system interruption. In this presentation, Jim Walker will provide an overview of Apache Hadoop and its current state of adoption in and out of the cloud.
"Scaling Storage with Ceph", Ross Turk, VP of Community, Inktank
Ceph is an open source distributed object store, network block device, and file system designed for reliability, performance, and scalability. It runs on commodity hardware, has no single point of failure, and is supported by the Linux kernel. This talk will describe the Ceph architecture, share its design principles, and discuss how it can be part of a cost-effective, reliable cloud stack.
"Deploying Private PaaS with ActiveState Stackato”, Diane Mueller, Director Cloud Evangelism, ActiveState
This presentation covers building and deploying a Private Platform-as-a-Service (PaaS) on CloudStack. Diane Mueller, ActiveState's Cloud Evangelist, shows how to deploy ActiveState's Stackato, an enterprise-ready multi-lingual Private PaaS that runs on any cloud and supports deploying and managing web & mobile applications in any language including Java, .Net, Python, Perl, PHP, Ruby, Node.js, Clojure, Scala and Erlang - to name a few. Using the CloudStack UI, Diane demonstrates how to configure and deploy the PaaS and then shows how easy it is to push a live application in under an hour.
"Xen Cloud Platform”, Mike McClurg, Senior Engineer, Xen.org Engineering
The Xen Cloud Platform is an open-source, enterprise-ready server virtualization platform. It is based on the Xen hypervisor, and represents the common code base for Citrix's XenServer product line. This presentation gives an introduction to XCP, and how it relates to both the Xen hypervisor and to Citrix's XenServer. It covers XCP's XenAPI and how it can be used by two of the most popular cloud orchestration frameworks, CloudStack and OpenStack. Finally, it discusses the XCP "roadmap," and the plans for the future of XCP.
"Introduction to Open Source Cloud Computing", Mark Hinkle, Senior Director Cloud Computing Community, Citrix
Very few trends in IT have generated as much buzz as cloud computing. This session will cut through the hype and clarify what cloud computing is, what the use cases are, and what open source software exists to build and manage clouds. The discussion will appeal to systems administrators, IT generalists, and developers...anybody who wants to create a cloud computing environment on their own hardware in their own data centers and deploy applications to this cloud.
This presentation is the introduction to the monthly CloudStack.org demonstration. The presentation details the latest features in the CloudStack open source project as well as project news. To attend a future presentation, with live demo and Q&A visit:
http://www.slideshare.net/cloudstack/introduction-to-cloudstack-12590733
The shift to cloud-based services has dramatically altered the IT landscape as we know it. Enterprise infrastructure borders have expanded beyond the firewall and now include hosted applications and infrastructure hosted in public and private clouds. Puppet helps DevOps teams meet their common objectives, creating a seamless IT infrastructure across departments, reducing cost and increasing productivity.
This training section will cover deploying cloud infrastructure automatically using Puppet, an open source configuration management and automation tool. The session will cover the following topics:
Configuring Puppet and Puppetmaster
Resource Types and the Resource Abstraction Layer
Virtual Resources, Exported Resources and Stored Configs
Speaker Bio
Luke founded Puppet and Puppet Labs in 2005 out of fear and desperation, with the goal of producing better operations tools and changing how we manage systems. He has been publishing and speaking on his work in system administration since 1997, focusing on development since 2001. He has developed and published multiple simple sysadmin tools and contributed to established products like Cfengine, and has presented on Puppet and other tools around the world, including at OSCON, LISA, Linux.Conf.au, and FOSS.in. His work with Puppet has been an important part of DevOps and delivering on the promise of cloud computing.
GlusterFS is an open source scale-out NAS solution. The software is a powerful and flexible solution that simplifies the task of managing unstructured file data whether you have a few terabytes of storage or multiple petabytes. It’s no secret that unstructured data is growing like crazy. Gluster provides a solution that scales capacity and performance as you need it and is an ideal fit for an IT environment that is increasingly virtualized and moving to the cloud.
There are two key ways that GlusterFS is beneficial for cloud builders:
1. Storage layer for VMs. If you're deploying Xen or KVM VMs on a private cloud, storing them on GlusterFS gives you the ability to migrate to different hypervisors, suspend and resume quickly - even on another hypervisor, scale out far beyond what other filesystems will allow, and utilize N-way replication for DR and HA
2. Unified storage layer for applications. With GlusterFS 3.3, you will be able to access your application data stores from an object (S3, Swift-style) interface, as well as a traditional POSIX-compatible NAS interface. This unified approach gives developers and admins the ability to access the same data store using a variety of different methods.
In this session, attendees will learn steps for deployment and some common use cases.
Speaker Bio
John Mark is an experienced veteran of all things open source and a self-described agitprop, agitator and advocate for those who volunteer countless, unpaid hours for a particular project or community. He first fell down the slippery slope of open source as a web developer at VA Linux Systems and eventually switched to the community team, beginning a career that has now lasted over ten years. Along the way, John Mark made stops at young, up-and-coming startups, such as Groundwork, Hyperic and then Gluster (later acquired by Red Hat). In between, there was a brief interlude at IDG World Expo, where he was the conference director for LinuxWorld, GridWorld and OSBC. His advice for companies who want to "do community" is to trust your community and give them the space to "just try s***." John Mark loves to perform community karaoke, and is available for weddings, funerals and Bar/Bat Mitzvahs
Very few trends in IT have generated as much buzz as cloud computing. This talk will cut through the hype and quickly clarify the ontology for cloud computing. The bulk of the conversation will focus on the open source software that can be used to build compute clouds (infrastructure-as-a-service) and the complementary open source management tools that can be combined to automate the management of cloud computing environments. The discussion will appeal to anyone who has a good grasp of traditional data center infrastructure but is struggling with the benefits and migration path to a cloud computing environment. Systems administrators and IT generalists will leave the discussion with a general overview of the options at their disposal to effectively build and manage their own cloud computing environments using free and open source software.
[Presented as part of the Open Source Build a Cloud program on 2/28/2012 - http://cloudstack.org/about-cloudstack/cloudstack-events.html?categoryid=6]
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
3. Feature overview
• Orchestration of L2 – L7 network services
– IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc
• Mix-and-match services and providers
• Out-of-the-box integration with automated deployment of virtual routers
– Highly available network services using CloudStack HA and VRRP
• Orchestrate external providers such as hardware firewalls and load balancers
– Devices can provide multiple services
– Admin API to configure external devices
– Plugin-based extensions for network behavior and admin API extensions
• Multiple multi-tenancy [network isolation] options
• Integrated traffic accounting
• Access control
• Software Defined Networking too
4. Basic vs Advanced Networking
• Segmentation based on feature set and ease-of-deployment
• Both are feature-rich
• Basic implements true AWS-style L3-isolation
– Tenants do not get contiguous IP addresses or subnets
– Network segmentation based on Security Groups
– Tremendous scale (tens of thousands)
• Advanced Zone offers full L3 subnets
– VLANs are default implementation (4K limit)
– More features (source NAT, PF, VPN)
5. CloudStack Terminology
• Guest network
– The tenant network to which instances are attached
• Storage network
– The physical network which connects the hypervisor to primary storage
• Management network
– Control Plane traffic between CloudStack management server and hypervisor clusters
• Public network
– “Outside” the cloud [usually Internet]
– Shared public VLANs trunked down to all hypervisors
• All traffic can be multiplexed on to the same underlying physical network using VLANs
– Usually Management network is untagged
– Storage network usually on separate NIC (or bond)
• Admin informs CloudStack how to map these network types to the underlying physical network
– Configure traffic labels on the hypervisor
– Configure traffic labels on Admin UI
6. PHYSICAL NETWORK IN A ZONE
[Diagram: a core (L3) network above Pod 1, Pod 2 ... Pod N. Inside a pod: access switch(es), CloudStack servers grouped into clusters (Cluster 1 with Hypervisor 1 to Hypervisor 8, ... Cluster 4 with Hypervisor N and N+1) and storage (Storage 1, Storage 2 ... Storage k). Traffic types shown: VM traffic, control plane traffic, storage traffic, public traffic.]
7. L2 Features
• Choice of network isolation
– Physical, VLAN, L3 (anti-spoof), Overlay[GRE]
– Physical isolation through network labels [limited to # of nics or bonds]
• Multi-nic
– Deploy instance in multiple networks
– Control default route
• Access control
– Shared networks, project networks
– Dedicated VLANs offer MPLS integration
• Anti-spoofing for L3-isolated networks
• QoS [max rate]
• Traffic monitoring
• Broadcast & multicast suppression in L3-isolated networks
• Hot-plug / detach of nics [upcoming]
8. L3 Features
• IPAM [DHCP], Public IP address management
– VR acts as DHCP server
– Can request multiple public IPs per tenant
• Gateway (default gateway)
– Redundant VR (using VRRP)
– Inter-subnet routing [upcoming]
– Static routing control [upcoming]
• Remote Access VPN
– L2TP over IPSec using PSK
– Virtual Router only
• Firewall based on source cidr
• Static NAT [1:1]
– Including “Elastic IP” in Basic Zone
• Source NAT
– Per-network, or interface NAT
• Public Traffic usage
– Monitoring on the Virtual Router / External network device
– Integration with sFlow collectors
• Site-to-Site VPN [upcoming]
– IPSec VPN based on VR
• L3 ACLs [upcoming]
9. L4 Features
• Security groups for L3-isolation
– “Basic Zone” in docs
– Default AWS-style networking
– Scales much better than VLANs
• Stateful firewall for TCP, UDP and ICMP
• Port forwarding [“Advanced Zone”]
– Conserve public IPs
10. L7 features
• Loadbalancer
– VR has HAProxy built in
– External Loadbalancer support
• Netscaler (MPX/SDX/VPX)
• F5 BigIP
• Can dedicate an LB appliance to an account or share it among tenants
– Loadbalancer supported with L3-isolation as well
– Stickiness support
– SSL support [future]
– Health Checks [future]
• User-data & meta-data
– Fetched from virtual router
• Password change server
11. Physical Network
[Diagram: components shown are users and operations, admin and cloud API, load balancer, CloudStack management server cluster, MySQL, router, and an availability zone containing an L3 core switch, access layer switches, servers in Pod 1, Pod 2, Pod 3 ... Pod N, and secondary storage.]
12. Layer 3 cloud networking
[Diagram: Web VMs and DB VMs grouped into a Web Security Group and a DB Security Group.]
13. Guest Networks with L3 isolation
[Diagram: the public Internet and public IP addresses (65.37.141.11, 65.37.141.24, 65.37.141.36, 65.37.141.80) reach a load balancer and an L3 core switch. Below it, the Pod 1, Pod 2 and Pod 3 L2 switches (10.1.0.1, 10.1.8.1, 10.1.16.1) connect guest VMs belonging to Guest 1 and Guest 2, each with its own guest address (for example 10.1.0.2, 10.1.0.3, 10.1.0.4, 10.1.16.12, 10.1.16.21, 10.1.16.47, 10.1.16.85).]
14. Virtual Networks (L2 isolation)
[Diagram: a core (L3) network above Pod K, Pod M and Pod N. Inside a pod: access switch(es) and hypervisors grouped into clusters (Cluster 1 with Hypervisor 1 to Hypervisor 8, ... Cluster 4 with Hypervisor N and N+1). Legend: V = Tenant VM, R = Tenant Virtual Router. Traffic types shown: VM traffic, public traffic.]
15. Guest virtual layer-2 network
[Diagram: two guest virtual networks, both using 10.1.1.0/24, each behind its own guest virtual router that provides NAT, DHCP, load balancing and VPN, with gateway address 10.1.1.1. Guest 1: public IP addresses 65.37.141.11 and 65.37.141.36, Guest 1 VMs 1 to 4 at 10.1.1.2 to 10.1.1.5. Guest 2: public IP addresses 65.37.141.24 and 65.37.141.80, Guest 2 VMs 1 to 3 at 10.1.1.2 to 10.1.1.4. Both connect to the public network / Internet.]
16. Layer-2 Guest Virtual Network
[Diagram, two panels, each showing a guest virtual network (labelled 10.1.1.1/8, VLAN 100) with Guest VMs 1 to 4 connected to the public network / Internet.
Panel "CS Virtual Router provides Network Services": the CS Virtual Router holds the public IP address and the gateway address 10.1.1.1 and provides DHCP, DNS, NAT, load balancing and VPN.
Panel "External Devices provide Network Services": a Juniper SRX firewall and a NetScaler load balancer each have a public IP and a private IP on the guest network; a CS Virtual Router provides DHCP and DNS.]
17. Other Topologies
[Diagram, two panels, each showing a guest virtual network 10.1.1.0/24 on VLAN 100 with Guest VMs 1 to 4 and a core switch holding the gateway address 10.1.1.1.
Panel "No services [Static IPs]": user can request specific IP[s] for NIC.
Panel "Dedicated VLAN with DHCP and DNS": a CS Virtual Router provides DHCP, DNS and user-data.]
18. Other topologies
[Diagram, two panels, each showing a guest virtual network 10.1.1.0/24 on VLAN 100 with Guest VMs 1 to 4, a core switch holding the gateway address 10.1.1.1, and a CS Virtual Router providing DHCP, DNS and user-data.
Panel "MPLS": the guest network is reached over MPLS VLAN 100.
Panel "Shared VLAN with DHCP and DNS".]
19. Multi-tier network
[Diagram: three virtual networks: 10.1.1.0/24 on VLAN 100 (Web VMs 1 to 4), 10.1.2.0/24 on VLAN 1001 (App VMs 1 and 2) and 10.1.3.0/24 on VLAN 141 (DB VM 1). Web VMs also have addresses on 10.1.2.0/24 and App VMs on 10.1.3.0/24. Toward the public network / Internet, the web tier sits behind a Juniper SRX firewall and a NetScaler load balancer, each with a public IP and a private IP. Each tier has a CS Virtual Router providing DHCP, DNS and user-data; one also provides source NAT with public IP 65.37.141.115.]
20. Bring-your-own Service
• Customer installs static route to point to his routing VM
[Diagram: the VR connects the public VLAN(s) to the guest VLAN; the guest VLAN holds the tenant VMs and "Your Routing VM", which is also attached to a shared monitoring VLAN.]
21. Bring-your-own Service[site-to-site-vpn]
• Customer installs static route (manually/automated config) to point to his routing VM.
• Routing VM provides site-to-site VPN (configured directly on routing VM, not by CloudStack)
[Diagram: the VR connects the public VLAN(s) to the guest VLAN; the guest VLAN holds the tenant VMs and "Your Routing VM", which is also attached to a shared public VLAN.]
22. Multi-tier unified [vision]
Virtual Router Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
• BGP
[Diagram: a CS Virtual Router / Other and a load balancer face the Internet, with an IPSec or SSL site-to-site VPN to the customer premises and a monitoring VLAN. Behind them are three virtual networks: 10.1.1.0/24 on VLAN 100 (Web VMs 1 to 4), 10.1.2.0/24 on VLAN 1001 (App VMs 1 and 2) and 10.1.3.0/24 on VLAN 141 (DB VM 1).]
23. Multi-tier unified with SDN[vision]
Virtual Router Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
• BGP
[Diagram: a CS Virtual Router / Other Virtual Appliance and a load balancer face the Internet, with an IPSec or SSL site-to-site VPN to the customer premises and a monitoring VLAN. Behind them are three overlay networks: 10.1.1.0/24 (Web VMs 1 to 4), 10.1.2.0/24 (App VMs 1 and 2) and 10.1.3.0/24 (DB VM 1).]
24. Network Offerings
• Cloud provider defines the feature set for guest networks
• Toggle features or service levels
– Security groups on/off
– Load balancer on/off
– Load balancer software/hardware
– VPN, firewall, port forwarding
• User chooses network offering when creating network
• Enables upgrade between network offerings
• Default offerings built-in
– For classic CloudStack networking
25. Service Offerings
Specify Resource Levels, Configure Properties, Define Scope
• Compute: Name, CPU Cores, CPU (MHz), Memory (MB), Host Tag, Enable HA, CPU Cap, Public
• Disk: Name, Custom Disk Size, Disk Size (GB), Storage Tag, Public
• Network: Name, Network Rate, Redundant VR, Firewall, Load balancer, Public
26. CloudStack Network Service Providers
• A Network Service Provider is a hardware or virtual appliance that makes a network service possible in CloudStack; for example, a Citrix NetScaler appliance can be installed in the cloud to provide Load-Balancing services.
• Administrators can have multiple instances of the same service provider in a network; for example, more than one Citrix NetScaler or Juniper SRX device can be added to CloudStack
• CloudStack supports the following Network Providers:
– CloudStack Virtual Router (default)
– Citrix NetScaler SDX, VPX and MPX models
– Juniper SRX
– F5 BigIP
27. Adding an Additional Network Offering
[Screenshot: network offerings in the admin UI, with callouts for network offering status and network offering order control.]
28. Network Service Providers Matrix
• A network offering is basically a definition of which network services are available when the offering is used. The available network services are: VPN, DHCP, DNS, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port Forwarding and Security Groups*

Feature              Virtual Router   Citrix NetScaler   Juniper SRX   F5 BigIP
Remote Access VPN    YES              N/A                N/A           N/A
Firewall             YES              N/A                YES           N/A
Source NAT           YES              N/A                YES           N/A
Static NAT           YES              YES                YES           N/A
Load Balancing       YES              YES                N/A           YES
Port Forwarding      YES              N/A                YES           N/A
Elastic IP           N/A              YES                N/A           N/A
Elastic LB           N/A              YES                N/A           N/A
DHCP/DNS/User Data   YES              N/A                N/A           N/A
29. CloudStack User APIs [sample]
• Networks (L2)
– createNetwork [requires network offering id]
– deleteNetwork (A), listNetworks
– restartNetwork (A): restarts all devices (if allowed) supporting the network and re-applies configuration
– updateNetwork: update network offering and restart network
30. Adding a Shared Guest Network
• Only Administrators can add a Shared Guest Network for an Advanced zone
32. Editing Guest Networks
When editing a guest network, users can change the network offering. They can either upgrade to a “premium” network offering (for example, an offering that uses a hardware load balancer) or downgrade to a “cheaper” network.
33. Restarting and Cleaning Up a Guest Network
• Restarting the network will simply resend all the LB, Firewall and Port-Forwarding rules to the network provider
• Restarting the Network with “Clean up”:
– Restarting network elements - virtual routers, DHCP servers
– If virtual router is used, it will be destroyed and recreated
– Reapplying all public IPs to the network provider
– Reapplying Load-Balancing/Port-Forwarding/Firewall rules
34. Deleting a Guest Network
• An Isolated Guest Network can only be deleted if no VMs are using this network (e.g. completely destroyed and expunged)
• Deleting a Network will destroy the Virtual Router (if used) and will release the Public IPs back to the IP Pool
35. Extending CloudStack Networking
Demonstrates one way to inform an external DNS server when an instance starts. Classes shaded blue form a plugin / service bundle to integrate an external DNS server. Clients of the instance can then use DNS names to access the instance.
Call sequence shown in the diagram:
(1) prepare (part of start vm)
(2) prepare (Network, Nic, DeployDestination, VmInfo)
(3) addDnsRecord(ip, fqdn)
(4) Enqueue AddDnsRecord
(5) API call to Dns Device
[Diagram: Network Manager, Network Element, PluggableService, DnsService, MyDnsDeviceService, MyDnsElement, MyDnsDeviceManager, MyDnsDeviceResource, AgentManager, Queue, MySQL and a Device Configuration Admin API (CRUD), with a callout reading "Needs to be added as of 5/2/2012".]
36. CloudStack Virtual Router (Virtual Router)
• The Virtual Router will be deployed once (when the first instance is deployed in a Zone) when a Shared Network is used, providing DHCP and DNS services for the Zone’s Instances (IPs will be allocated from the Public IP Range entered in CloudStack)
• When Advanced is used the Router will be deployed Per-Account (and Per Unique Isolated Guest Network)
• Virtual Router can serve and isolate VMs even if deployed on a different Hypervisor
37. CloudStack Virtual Router
• The Virtual Router will have 3 NICs:
– Eth0 will be connected to the Isolated Guest Network (for Advanced VLAN). It will have the first IP in the CIDR (for example 10.1.1.1) and it will be the DNS, DHCP and Gateway for the Instances in the Private Guest Network.
– Eth1 resides on the link-local network (only for KVM and XenServer) or the Management Network (on VMware) and is used by CloudStack to configure the virtual router. On VMware it will use an IP from the Management Network IP Range (e.g. Pod Private Range)
– Eth2 resides on the Public Network and is assigned a Public IP from the range entered in CloudStack (users can ‘Acquire New IPs’ if needed)
• In the default Isolated Mode, Source NAT is automatically configured on the virtual router to forward outbound traffic for all guest VMs and block all incoming traffic (users can manage incoming rules from UI)
38. Virtual Router Information (applies to
all Sys. VMs)
• Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository. No extraneous accounts
• 32-bit for enhanced performance on Xen/VMware
• Only essential software packages are installed. Services such as printing, ftp, telnet, X, kudzu, dns and sendmail are not installed.
• SSHd only listens on the private/link-local interface. SSH port has been changed to a non-standard port. SSH logins only using keys (keys are generated at install time and are unique for every customer)
• pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum performance on all hypervisors. Xen tools inclusion allows performance monitoring
• Template is built from scratch and is not polluted with any old logs or history
• Latest versions of haproxy, iptables, ipsec, apache from the Debian repository ensure improved security and speed
• Latest version of jre from Oracle ensures improved security and speed
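An added example, not part of the original slides and not CloudStack's own tooling: one way to audit an OpenSSH-style sshd_config against the three SSH properties listed above (listening only on a private/link-local address, a non-standard port, key-only logins). The two sample configurations, including the port number and address, are constructed for illustration.

```python
import ipaddress

# Constructed sample configurations; the port and address are made up,
# not values taken from a CloudStack system VM.
HARDENED = """\
Port 2222
ListenAddress 169.254.0.10
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""
WEAK = """\
# no Port line: sshd falls back to 22
ListenAddress 0.0.0.0
PasswordAuthentication yes
"""

# Compiled-in OpenSSH defaults that apply when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}


def parse_global(text):
    """Collect global directives as {keyword: [values]}; stop at a Match block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Port=2222" is also valid
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]     # keywords are case-insensitive
        if key == "match":
            break
        if key == "challengeresponseauthentication":  # deprecated alias
            key = "kbdinteractiveauthentication"
        seen.setdefault(key, []).append(args[0] if args else "")
    return seen


def split_listen(value):
    """Split a ListenAddress value into (host, port or None)."""
    if value.startswith("["):                        # [IPv6]:port
        host, _, rest = value[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:                        # IPv4:port or host:port
        host, port = value.split(":")
        return host, int(port) if port.isdigit() else None
    return value, None                               # bare IPv4, IPv6 or hostname


def is_internal(host):
    """True only for a literal private, link-local or loopback address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False          # hostname: cannot be verified offline, so fail
    if addr.is_unspecified:   # 0.0.0.0 and :: mean "every interface"
        return False
    return addr.is_private or addr.is_link_local or addr.is_loopback


def effective(cfg, key):
    """sshd uses the first value it reads for single-valued keywords."""
    return cfg[key][0].lower() if key in cfg else DEFAULTS[key]


def audit(text):
    """Check the three SSH properties from the slide; True means it holds."""
    cfg = parse_global(text)
    listens = [split_listen(v) for v in cfg.get("listenaddress", [])]
    default_ports = [int(p) for p in cfg.get("port", ["22"])]
    ports = set()
    for _, port in listens:
        ports.update([port] if port else default_ports)
    if not listens:                      # no ListenAddress: all interfaces
        ports.update(default_ports)
    return {
        "listen_internal_only": bool(listens)
                                and all(is_internal(h) for h, _ in listens),
        "nonstandard_port": 22 not in ports,
        "key_only_login": (effective(cfg, "passwordauthentication") == "no"
                           and effective(cfg, "kbdinteractiveauthentication") == "no"
                           and effective(cfg, "pubkeyauthentication") == "yes"),
    }


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(text))
```

The check treats 0.0.0.0 and :: as failures even though Python's `ipaddress` module classifies them as private, and it fails a configuration that omits `PasswordAuthentication` because the compiled-in default is `yes`.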
Editor's Notes
Network Offerings: The administrator starts off with deciding the network offerings they want to provide throughout their entire cloud offering. Network Offerings group together a set of network services such as firewall, DHCP, DNS, etc. Network Offerings allow specific network service providers to be specified. Network Offerings can be tagged to specifically choose the underlying network. Network Offerings have the following states: Disabled, Enabled, Inactive. All Network Offerings are created in the Disabled state. Once a network offering has been configured to the correct state. Certain Network Offerings are for use by the system only. This means end users cannot see them. Network Offerings can be updated to enable/disable services and providers. Once that is done, it is up to the administrator to reprogram all of the networks that are based on that network offering. Network Offerings tags cannot be updated. However, the tags on the physical networks can be updated and deleted. CloudStack is deployed with three default network offerings for the end users: a virtual network offering, a shared network offering without security group and a shared network offering with security group.
* Security Groups “providers” are the hypervisors (only XenServer and KVM)
NOTE: When selecting Project or Account Scope the Service Offering “Isolated Network without Source NAT” will be available. When selecting a Domain Scope, Administrators can decide if Network will be available for the domain only and its sub-domains.
For latest information: http://docs.cloud.com/Knowledge_Base/Domain_Router_Security