Apache CloudStack
What's New and What's Upcoming in Apache CloudStack
Giles Sirett
Who am I
• PMC Member & committer Apache CloudStack
• Chair & Founder, CloudStack European User Group
• CEO & Founder, ShapeBlue
• Physicist, recovering software engineer, sailor, hiker
2024 Recent Releases
Release     Release Date (2024)   Type
4.19.0.0    2 February            LTS
4.19.0.1    4 April               Security
4.18.1.1    4 April               Security
4.18.2.0    25 April              Maintenance
4.18.2.1    5 July                Security
4.19.0.2    5 July                Security
4.18.2.2    19 July               Security
4.19.1.0    19 July               Maintenance
4.18.2.3    Aug 6                 Security
4.19.1.1    Aug 6                 Security
4.20.0.0    In code freeze        LTS
Apache CloudStack 4.19
Release Information
• Released 2 Feb 2024
• 315 new features, improvements and bug fixes
• 26 new features
• 4.19 is an LTS release
• EOL. Aug 2025
VMware to KVM Migration
• Converts VMware Instances, including disks, networks and configurations to KVM
• Admin only feature
• Can migrate
  • existing CloudStack VMware Instances
  • VMware VMs from an external vCenter Datacenter
• Uses virt-v2v to convert the Instance disks
• Migration of Linux Instances can be performed when running
• For Windows, the Instances need to be stopped
• Scalability/performance improvements in 4.19.1
Destination KVM Hosts
Linux Distribution          Supported Versions
Alma Linux                  8, 9
Red Hat Enterprise Linux    8, 9
Rocky Linux                 8, 9
Ubuntu                      22.04 LTS
Destination Host limitations:
• For Ubuntu hosts only: installing virt-v2v does not install nbdkit, which is required for the conversion of VMware vCenter guests:
  • apt install nbdkit
• For Windows guests only: importing Windows guest VMs from vSphere requires installing the virtio drivers on the hypervisor hosts for the virt-v2v conversion:
  • dnf install virtio-win (RHEL)
  • apt install virtio-win (Ubuntu)
KVM Import
• Import external KVM Instances from:
  • Remote KVM host
  • QCOW2 from Shared or Local Storage
  • Unmanaged Instances on KVM/CloudStack hosts
• Simple UI
• Likely to be used as batch tool (API/CloudMonkey)
• Allows the use of CloudStack as a KVM management layer
CloudStack DRS
• DRS automatically moves Instances between Hosts
• Can be set globally or on a per-Cluster basis
• Hypervisor agnostic
• Supports two algorithms: Balanced & Condensed
Balanced Algorithm
• Balances the load across hosts in a cluster
• Higher power consumption
• In case of a host failure, minimal impact on running Instances
• Ideal for production environments
• Less likely to cause contention issues
Condensed Algorithm
• Reduces the number of hosts in use
• Lower power consumption
• In case of a host failure, likely greater impact on running Instances
• Ideal for staging/testing environments
• More likely to cause contention issues
VNF Appliance Support
Classic Network Appliance
• Appliances: CDN, WAN Acceleration, Firewall, Load Balancing, IDS/IPS, VoIP, VPN, Router
• Fragmented non-commodity hardware
• Physical installation and setup per site
• Constrain Innovation and Evolution
• High Capex/Opex
Network Function Virtualization
• VNFs: Software Functions on Standard Servers and Switches
• Network Function Provided in Software (VNFs)
• Vendor agnostic
• Run on Standard Hardware and Switches
• Opex/Capex Saving and Better Time-to-Market
• Opportunity for CSPs
CloudStack VNF Appliance Support
Use Cases
• CSPs selling “branded” network components
• SD WAN
• Load Balancing for High Availability
• Virtual Firewalls for Enhanced Security
• WAN Optimization for Improved Network Performance
• IDS/IPS for Intrusion Detection and Prevention
• VoIP and VPN for Secure Communications
• Allows users to deploy and configure 3rd party VNF appliances in their CloudStack environment
• Configures required network interfaces
• Configures network rules for access to the Appliance admin console
• Based on VNF Templates created by admin
• Usage recorded for billing by CSP
• Supports setup and deployment via API and UI
Template NIC Management
• Management
• WAN
• LANs
Template VNF Details
Used to add firewall rules and display VNF details to the Users:
• User credentials
• Service port and protocol
• Vendor and Maintainer
• VNF Version
• Others
CloudStack Object Storage
[Diagram layers: CloudStack UI/API; CloudStack Object Storage Framework; Object Store Provider (MinIO, CEPH)]
• Object storage framework
• Currently a provider for MinIO, Ceph in progress, and a simulator for testing
• UI browser for managing the data
• Admin specifies the object storage provider(s)
• The underlying object-storage provider is responsible for flexible storage management, multi-site replication, security, and backup
• Supports features: bucket quota, encryption, versioning, object lock and bucket policy (public, private)
CloudStack Snapshot copy
Recurring Snapshot
Copying existing Snapshot
Creating new Snapshot
Scheduled Lifecycle operations
• Schedule based running of routine Instance tasks
  • Start
  • Stop
  • Reboot
• An Instance can have multiple schedules
OAuth2 Authentication
• OAuth2 framework
• Currently plugins for Google and GitHub
• Easy to configure
Not covered today
• Configurable SNAT IP for VR
• Granular Storage Management
• Safe ACS Shutdown Feature
• Dashboard redesign for non-root accounts and projects
• CAPC aware CKS
• Support for vSphere 8.0.0
• Domain migration (move subdomains between domains)
• HPE Primera, Pure FlashArray Support
• Dynamic secondary storage selection
• KVM Host HA for StorPool
Resources
• Source release
  • https://cloudstack.apache.org/downloads/
• Documentation
  • https://docs.cloudstack.apache.org/en/4.19.0.0/
• Convenience Packages
  • https://download.cloudstack.org/
  • https://www.shapeblue.com/cloudstack-packages/
• Contribute
  • https://github.com/apache/cloudstack
Apache CloudStack 4.20
Release Information
• Code freeze 10/9/2024
• 4.20.0 release expected October 2024
• LTS release
• EOL c. April 2026
• My count: 31 new features
ARM64 Support and Multi Architecture Zones
• When creating an Instance, Users can now choose between x86_64 and ARM64 Architectures
• Architecture type is specified when creating:
  • Templates
  • ISOs
  • Kubernetes Versions
• CloudStack Clusters now have an assigned Architecture type
• A zone can support both types simultaneously
Shared FileSystems
• Users can create a file share for consumption in other Instances (think EFS)
• CloudStack orchestrates the creation of an underlying Instance, volume, etc.
• Framework architecture allows use of any file share provider. Currently a provider for NFS (XFS or EXT4) hosted on a CloudStack Instance
• Uses Userdata/udev to deploy/manage the Fileshare provider
• FileSystem object gives access & mount information
• 11 new APIs, including:
  • CreateFileShare
  • ListFileShare
VMware NSX Support
• New Network Element plugin (similar to plugin for Tungsten Fabric) for NSX 4
• Configured at Zone level (isolation method)
• Offloads network operations from VR to NSX:
  • Virtual Private Clouds (VPCs)
  • Isolated Networks
  • Kubernetes Service
• Supports:
  • Routing between VPC network tiers (NSX segments)
  • Access Lists (ACLs) between VPC tiers and “public” network (TCP, UDP, ICMP), both as global egress rules and “public” IP specific ingress rules
  • ACLs between VPC network tiers (TCP, UDP, ICMP)
  • Port Forwarding between “public” networks and VPC network tiers
  • External load balancing – between VPC network tiers and “public” networks
  • Internal load balancing – between VPC network tiers
  • Password injection, UserData and SSH Keys
  • External, Internal DNS
  • DHCP
  • Kubernetes host orchestration (with limited support for CKS on VPCs)
Usage Management UI
• Management Interface for CloudStack Usage Service
• Allows:
  • Search/Browse of usage data
  • Usage generation
  • Purge
  • Export
CloudStack Webhooks
• Allows users to consume CloudStack events
• Use-cases:
  • notifications
  • data synchronization
  • workflow automation
  • custom integrations
  • real-time data processing
• Admin accounts can choose
scope
• No further event filtering at this stage
• Requires the parser to
select the right events
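Since deliveries are not filtered by event type, the receiving side has to select what it acts on. The following is an added example of a consumer-side allow-list filter, not code from the talk or from the CloudStack project; the JSON field name `event`, the event-type strings and the sample deliveries are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

MAX_BODY_BYTES = 64 * 1024  # refuse oversized deliveries before parsing them

# Allow-list of event types this consumer acts on (assumed event names).
WANTED = ("VM.DESTROY", "VM.STOP", "USER.*")


def classify(body: bytes, wanted=WANTED):
    """Return ("accept", event), ("ignore", reason) or ("reject", reason)."""
    if len(body) > MAX_BODY_BYTES:
        return "reject", "body too large"
    try:
        event = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return "reject", "not valid UTF-8 JSON"
    if not isinstance(event, dict):
        return "reject", "payload is not a JSON object"
    etype = event.get("event")  # assumed field carrying the event type
    if not isinstance(etype, str) or not etype:
        return "reject", "missing event type"
    # Default-deny: anything not explicitly listed is dropped, so new event
    # types added by a later release are never acted on by accident.
    if not any(fnmatchcase(etype, pattern) for pattern in wanted):
        return "ignore", f"event type {etype} not in allow-list"
    return "accept", event


def select_events(bodies, wanted=WANTED):
    """Filter raw delivery bodies; return accepted events and per-verdict counts."""
    accepted = []
    stats = {"accept": 0, "ignore": 0, "reject": 0}
    for body in bodies:
        verdict, detail = classify(body, wanted)
        stats[verdict] += 1
        if verdict == "accept":
            accepted.append(detail)
    return accepted, stats


# Constructed sample deliveries (not captured from a real deployment).
SAMPLE = [
    b'{"event": "VM.DESTROY", "status": "Completed", "account": "acme"}',
    b'{"event": "VOLUME.CREATE", "status": "Completed", "account": "acme"}',
    b'{"event": "USER.LOGIN", "status": "Completed", "account": "acme"}',
    b"not json at all",
    b'["VM.DESTROY"]',
    b'{"event": "VM.STOP", "pad": "' + b"A" * 70000 + b'"}',
]

if __name__ == "__main__":
    events, counts = select_events(SAMPLE)
    for ev in events:
        print("handling", ev["event"])
    print(counts)
```

Counting ignored and rejected deliveries separately lets an operator see how much of the webhook's scope the consumer is actually discarding.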
Implicit hardware based Host tags
• Host tags are now automatically populated from the agent.properties file
• The agent.properties file can be created during physical host deployment (via Ansible, etc.)
• Can be used for
  • Different hardware types
    • GPU
    • GPU type
    • SSD
    • RAID type
    • network card type
  • Different workloads
    • CPU-intensive application
    • memory-intensive application
    • Windows Instances
• Explicit tags: The host tags managed by CloudStack API/UI
• Implicit tags: The host tags managed by agent.properties
• How-to: add to agent.properties, restart cloudstack-agent
  host.tags=cpu-32,memory-250,gpu-type,nvme-ssd
Granular Resource limits
• Extensible limits based on tagging for Compute & Storage Service Offerings
• Can be User, Account, domain level
• Configured with 2 global settings
• Then tags added to Service Offerings
• New “Tagged Limits” then appear at Account, Domain or Global levels
New Framework Providers
• Backup and Recovery Framework
  • Simple NAS based Backup provider (in addition to Veeam, Dell and Backroll)
• Object Storage Framework
  • CEPH RGW Provider (in addition to MinIO)
Dynamic & Static routing
Shared networks
• VMs use direct IPs (public or internal)
• Operators configure gateway on upstream router
• Can only be added by ROOT admin
• VR provides DHCP/DNS/Userdata
Isolated networks and VPC
• Can be created by regular users
• VMs use private IPs. VMs are not directly accessible
• VMs can be accessed via Static NAT, LB, PF, VPN, etc.
• VR as Source NAT gateway (performance!)
ROUTED isolated network and ROUTED VPC:
• Can be created by regular users.
• VMs are directly accessible
• DNAT/Lb/PF/VPN are not needed
• VR as gateway (not Source NAT!)
• Low overload
• High throughput (2-2.5X gain)
• Challenge: Gateway (upstream router) and CloudStack VR must know how to forward the packets
  • from VMs to outside
  • from outside to VMs

Routing mode   What operators need to do
Static         Operators have to add routes for each network manually in gateway (upstream router)
Dynamic        Operators configure dynamic BGP in gateway (upstream router). The routes will be automatically advertised to routers (upstream and virtual) via BGP
Questions ?
Giles Sirett
Giles.Sirett@shapeblue.com
Giles@Apache.org
/in/gilessirett
@GilesSirett

What’s New and What’s Upcoming in Apache CloudStack, Giles Sirett, ShapeBlue
