© Copyright ControlCircle 2013. All rights reserved. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the UK
and other countries. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the United States and in other countries.
Confidential
Len Bellemore – Cloud Product Development
4th July 2013
Securing the CloudStack Management Domain
Agenda
• Who are ControlCircle
• The design goals
• Network design
• Challenges faced
• Example use case testing
• How did we troubleshoot
• Lessons learned
Introduction to ControlCircle
• Our focus is delivering mission critical IT services that are of strategic importance to our customers - underpinning their business growth and competitiveness
• We specialize in hybrid capabilities – from colocation to cloud - aligning our customers’ requirements to the right solution and ensuring they maintain full visibility and control through our Max3000™ monitoring and management platform
Design Goals
• Security
– Security in depth, not just at the edge
– Containment of any attack
– Identification of any attack
• Traffic Segmentation
– Reduce size of broadcast domains
– Use of high capacity links for storage
• Scale
– Easy addition of physical sites/locations
– Distribute the controller servers across multiple sites
CloudStack Network Design
Standard design
• Single management network
– CS Management Servers
– CS MySQL DB
– Hypervisors
– SSVM
– Console Proxy
• Guest
• Public
• Storage
– NFS/iSCSI Device
What we designed
• DMZ
– Load Balancers
– Web Servers
– Internet Proxy
• Control
– CS Management Servers
– vCenter
– Windows Domain Controllers
– DNS Servers (non-Guest)
• Management
– Hypervisors
– SSVM, Console Proxy
• Guest
• Public
• Database
– CS MySQL DB
• Storage
– NFS/iSCSI Devices
High Level Network Diagram
[Diagram not reproduced. Zone 1 and Zone 2 carry the same labels: Load Balancers; DMZ (Proxy, Web Servers); Control (CS Management, vCenter, DNS); Database (MySQL); Control VM Hosts; Control Segment; Management (SSVM, Console Proxy); Guest VM Hosts; Guest (Guest VMs, Guest Virtual Routers); Public; Storage (Primary, Secondary).]
Control Segment traffic is routed between physical sites
Challenges we faced
• Traffic flows difficult to ascertain
• Logging detailed but ambiguous
• Documentation scattered across internet
• CloudStack documents only cover the standard single management network design
• Testing had to be use case led – what are the use cases?
Example use case
ISO Upload
• Copy ISO to a Web Server
• Register ISO and input URL to ISO
• SSVM Downloads ISO
• SSVM copies ISO to Secondary Storage
• Finished!
ISO Upload
Test outcome
• Copy ISO to a Web Server
• Register ISO and input URL to ISO
• GUI error
• CS Management Server log file reports name resolution failure
• Troubleshooting is focused on CS Mgmt Server, no luck
• Proxy? DNS Servers? Firewall Rules?
• Confusion…..
• http://www.cloudstack-china.org/wp-content/uploads/downloads/2012/12/ccc-cloudstacknetworking.pptx
ISO Upload
Final resolution
• Focus back to SSVM
• Realised that DNS was not resolving. Why?
• Open firewall rules for DNS to correct IP
• Retry ISO Upload
• Presto!
How did we Troubleshoot?
• CS Management Server Logs
• SSVM Logs
• Firewall Logs
• Work closely with the Network team
• users@cloudstack.apache.org mailing list
Lessons Learned
Debugging and fault finding
• There is no set way of doing things in the CloudStack world
• Official installation guides are written for simple networks
• Documentation is scattered; blogs and unofficial sites are the best source of info
• Logging is your friend, albeit a troubled one!
• The community is your best troubleshooting tool
Designing the solution
• Consider agility when designing your network
• Firewall rules based on single IPs are not achievable – you need host and object groups
• Understand the use cases prior to testing
• Document firewall rules before you start building, based on use cases
• Document as you go
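The ISO upload failure and the "document firewall rules based on use cases" lesson, worked as an added example that is not part of the original slides: the use case is written down as the flows it needs, then checked against rules built on object groups. All addresses, host names, group names and the extra SSH rule are constructed; the ports (DNS udp/53, an http:// ISO URL on tcp/80, NFS tcp/2049) are assumptions.

```python
"""Use-case-led firewall check for the ISO upload flow. All data is constructed."""
import ipaddress
from typing import NamedTuple


class Flow(NamedTuple):
    step: str    # what the use case does at this point
    src: str     # host name, key into HOSTS
    dst: str
    proto: str
    port: int


class Rule(NamedTuple):
    src_group: str   # object group names, keys into a groups dict
    dst_group: str
    proto: str
    port: int


# Constructed addressing: one subnet per segment named on the slides.
HOSTS = {
    "ssvm": "10.10.30.21",           # Management segment
    "dns1": "10.10.20.53",           # Control segment
    "web1": "10.10.10.80",           # DMZ segment
    "secondary-nfs": "10.10.50.10",  # Storage segment
}

# The use case expressed as required flows (ports are assumptions, see lead-in).
ISO_UPLOAD = [
    Flow("SSVM resolves the ISO URL host name", "ssvm", "dns1", "udp", 53),
    Flow("SSVM downloads ISO", "ssvm", "web1", "tcp", 80),
    Flow("SSVM copies ISO to Secondary Storage", "ssvm", "secondary-nfs", "tcp", 2049),
]

# Rules reference groups, never single IPs, so a host change edits one group.
RULES = [
    Rule("grp-system-vms", "grp-dns", "udp", 53),
    Rule("grp-system-vms", "grp-dmz-web", "tcp", 80),
    Rule("grp-system-vms", "grp-secondary-storage", "tcp", 2049),
]


def make_groups(dns_members):
    """Object groups for the segments; only the DNS membership varies here."""
    return {
        "grp-system-vms": ["10.10.30.16/28"],
        "grp-dns": dns_members,
        "grp-dmz-web": ["10.10.10.80/32"],
        "grp-secondary-storage": ["10.10.50.10/32"],
    }


GROUPS_BEFORE = make_groups(["10.10.20.35/32"])  # DNS group holds the wrong IP
GROUPS_AFTER = make_groups(["10.10.20.53/32"])   # corrected membership, rules untouched


def in_group(ip, group, groups):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in groups[group])


def permitted(flow, rules, groups):
    """Default deny: a flow passes only if some rule matches it exactly."""
    return any(
        r.proto == flow.proto and r.port == flow.port
        and in_group(HOSTS[flow.src], r.src_group, groups)
        and in_group(HOSTS[flow.dst], r.dst_group, groups)
        for r in rules
    )


def blocked_steps(use_case, rules, groups):
    """Steps of a documented use case that the rule set would drop."""
    return [f.step for f in use_case if not permitted(f, rules, groups)]


def unjustified_rules(use_cases, rules, groups):
    """Rules that no documented flow needs: review candidates for removal."""
    flows = [f for uc in use_cases for f in uc]
    return [r for r in rules if not any(permitted(f, [r], groups) for f in flows)]


if __name__ == "__main__":
    print("before:", blocked_steps(ISO_UPLOAD, RULES, GROUPS_BEFORE))
    print("after: ", blocked_steps(ISO_UPLOAD, RULES, GROUPS_AFTER))
    extra = Rule("grp-system-vms", "grp-dns", "tcp", 22)  # constructed stray rule
    print("unjustified:", unjustified_rules([ISO_UPLOAD], RULES + [extra], GROUPS_AFTER))
```

Run against the "before" groups, the only blocked step is the SSVM's DNS lookup, which is the flow the management server log gave no direct pointer to.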
Documentation and Resources
• http://www.slideshare.net/cloudstack/
• http://www.shapeblue.com/
• http://www.buildacloud.org/
• http://markmail.org/
• http://cloudstack.apache.org/
• http://support.citrix.com/
• http://support.citrix.com/servlet/KbServlet/download/2389-102-654859/CitrixPorts_by_Port_1103.pdf
Any Questions?

CloudStack European User Group - controlCircle

  • 1. © Copyright ControlCircle 2013. All rights reserved. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the UK and other countries. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the United States and in other countries. Confidential Len Bellemore – Cloud Product Development 4th July 2013 Securing the CloudStack Management Domain
  • 2. © Copyright ControlCircle 2013. All rights reserved. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the UK and other countries. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the United States and in other countries. Confidential Agenda • Who are ControlCircle • The design goals • Network design • Challenges faced • Example use case testing • How did we trouble shoot • Lessons learned
  • 3. © Copyright ControlCircle 2013. All rights reserved. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the UK and other countries. ControlCircle products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of ControlCircle in the United States and in other countries. Confidential • Our focus is delivering mission critical IT services that are of strategic importance to our customers - underpinning their business growth and competitiveness • We specialize in hybrid capabilities – from colocation to cloud - aligning our customers’ requirements to the right solution and ensuring they maintain full visibility and control through our Max3000™ monitoring and management platform Introduction to ControlCircle
  • 4. Design Goals
      • Security
          – Security in depth, not just at the edge
          – Containment of any attack
          – Identification of any attack
      • Traffic Segmentation
          – Reduce size of broadcast domains
          – Use of high capacity links for storage
      • Scale
          – Easy addition of physical sites/locations
          – Distribute the controller servers across multiple sites
  • 5. CloudStack Network Design
      Standard design
      • Single management network
          – CS Management Servers
          – CS MySQL DB
          – Hypervisors
          – SSVM
          – Console Proxy
      • Guest
      • Public
      • Storage
          – NFS/iSCSI Device
      What we designed
      • DMZ
          – Load Balancers
          – Web Servers
          – Internet Proxy
      • Control
          – CS Management Servers
          – vCenter
          – Windows Domain Controllers
          – DNS Servers (non-Guest)
      • Management
          – Hypervisors
          – SSVM, Console Proxy
      • Guest
      • Public
      • Database
          – CS MySQL DB
      • Storage
          – NFS/iSCSI Devices
  • 6. High Level Network Diagram
      [Figure: Zone 1 and Zone 2, each drawn with the same labels: Guest VMs, Guest Virtual Routers, Public, Secondary and Primary Storage, CS Management, vCenter, DNS, Proxy, Web Servers, Guest VM Hosts, Management, SSVM, Console Proxy, MySQL, Guest, DMZ, Control, Database, Control VM Hosts, Control Segment, Load Balancers.]
      Control Segment traffic is routed between physical sites
  • 7. Challenges we faced
      • Traffic flows difficult to ascertain
      • Logging detailed but ambiguous
      • Documentation scattered across internet
      • CloudStack documents only cover the standard single management network design
      • Testing had to be use case led – what are the use cases?
  • 8. Example use case: ISO Upload
      • Copy ISO to a Web Server
      • Register ISO and input URL to ISO
      • SSVM Downloads ISO
      • SSVM copies ISO to Secondary Storage
      • Finished!
  • 9. ISO Upload: Test outcome
      • Copy ISO to a Web Server
      • Register ISO and input URL to ISO
      • GUI error
      • CS Management Server log file reports name resolution failure
      • Troubleshooting is focused on CS Mgmt Server, no luck
      • Proxy? DNS Servers? Firewall Rules?
      • Confusion…..
      • http://www.cloudstack-china.org/wp-content/uploads/downloads/2012/12/ccc-cloudstacknetworking.pptx
  • 11. ISO Upload: Final resolution
      • Focus back to SSVM
      • Realised that DNS was not resolving. Why?
      • Open firewall rules for DNS to correct IP
      • Retry ISO Upload
      • Presto!
  • 12. How did we Troubleshoot?
      • CS Management Server Logs
      • SSVM Logs
      • Firewall Logs
      • Work closely with the Network team
      • users@cloudstack.apache.org mailing list
  • 13. Lessons Learned
      Debugging and fault finding
      • There is no set way of doing things in the CloudStack world
      • Official installation guides are written for simple networks
      • Documentation is scattered; blogs and unofficial sites are the best source of info
      • Logging is your friend, albeit a troubled one!
      • The community is your best troubleshooting tool
      Designing the solution
      • Consider agility when designing your network
      • Firewall rules based on single IPs are not achievable – you need host and object groups
      • Understand the use cases prior to testing
      • Document firewall rules, based on use cases, before you start building
      • Document as you go
  • 14. Documentation and Resources
      • http://www.slideshare.net/cloudstack/
      • http://www.shapeblue.com/
      • http://www.buildacloud.org/
      • http://markmail.org/
      • http://cloudstack.apache.org/
      • http://support.citrix.com/
      • http://support.citrix.com/servlet/KbServlet/download/2389-102-654859/CitrixPorts_by_Port_1103.pdf
  • 15. Any Questions?
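
The ISO upload failure and the lesson about documenting firewall rules per use case with object groups, worked through as an added Python example (not ControlCircle's or CloudStack's code): each use-case step is written as a network flow from the SSVM and checked against a default-deny rule set. All IP ranges, group names and ports (DNS 53, HTTP 80, NFS 2049) are assumptions, since the slides give none.

```python
import ipaddress
from typing import NamedTuple

# Constructed addressing: the slides name the segments but give no IP ranges.
GROUPS = {
    "ssvm":              ["10.20.0.0/28"],                    # Management segment
    "dns_servers":       ["10.10.0.53/32", "10.10.0.54/32"],  # Control segment
    "web_servers":       ["10.5.0.0/28"],                     # DMZ segment
    "secondary_storage": ["10.40.0.10/32"],                   # Storage segment
}

class Rule(NamedTuple):
    src: str    # object group name, never a single hard-coded IP
    dst: str
    proto: str
    port: int

class Flow(NamedTuple):
    step: str   # the use-case step this flow belongs to
    src_ip: str
    dst_ip: str
    proto: str
    port: int

def in_group(ip, group):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in GROUPS[group])

def allowed(flow, rules):
    return any(r.proto == flow.proto and r.port == flow.port
               and in_group(flow.src_ip, r.src) and in_group(flow.dst_ip, r.dst)
               for r in rules)

def blocked_steps(flows, rules):
    """Default deny: return the use-case steps that no rule permits."""
    return [f.step for f in flows if not allowed(f, rules)]

# ISO upload written as flows that originate from the SSVM, not the management server.
ISO_UPLOAD = [
    Flow("SSVM resolves ISO URL hostname", "10.20.0.5", "10.10.0.53", "udp", 53),
    Flow("SSVM downloads ISO from web server", "10.20.0.5", "10.5.0.3", "tcp", 80),
    Flow("SSVM copies ISO to secondary storage", "10.20.0.5", "10.40.0.10", "tcp", 2049),
]

# Constructed rule sets: before and after the DNS rule is opened for the SSVM.
RULES_BEFORE = [Rule("ssvm", "web_servers", "tcp", 80),
                Rule("ssvm", "secondary_storage", "tcp", 2049)]
RULES_AFTER = RULES_BEFORE + [Rule("ssvm", "dns_servers", "udp", 53)]

if __name__ == "__main__":
    print("blocked before:", blocked_steps(ISO_UPLOAD, RULES_BEFORE))
    print("blocked after: ", blocked_steps(ISO_UPLOAD, RULES_AFTER))
```

Running the flow list against the documented rules before building shows the DNS step as the only blocked one, which is the gap the management server log reported only as a name resolution failure.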