2. Outline
• Overview of CloudStack
• Problem Definition
• Feature set overview
• Network
• Storage
3. What is CloudStack
• Secure, multi-tenant cloud orchestration platform
– Turnkey solution for delivering IaaS clouds
– Hypervisor agnostic
– Scalable and secure
– Open source, open standards
– Deploys on premise or as a hosted solution
• Deliver cloud services faster and cheaper
Build your cloud the way the world’s most successful clouds are built
4. History of Apache CloudStack
• 2009: Cloud.com, 100% proprietary
• 2010: Cloud.com, open core, GPL v3
• 2011: Citrix Systems, 100% open, GPL v3
• 2012: ASF, 100% open, Apache License 2
• 2013: Graduated from incubator to ASF TLP
6. CloudStack Supports Multiple Cloud Strategies
Private Clouds
• On-premise Enterprise Cloud
– Dedicated resources
– Security & total control
– Internal network
– Managed by Enterprise or 3rd party
• Hosted Enterprise Cloud
– Dedicated resources
– Security
– SLA bound
– 3rd party owned and operated
Public Clouds
• Multi-tenant Public Cloud
– Mix of shared and dedicated resources
– Elastic scaling
– Pay as you go
– Public internet, VPN access
8. Problem Definition
• Offer a scalable, flexible, manageable IaaS platform that follows established cloud computing paradigms
• IaaS
– Orchestrate physical and virtual resources to offer self-service infrastructure provisioning and monitoring
• Scalable
– 1 -> N hypervisors / VMs / virtual resources
– 1 -> N end users
• Flexible
– Handle new physical resource types (hypervisors, storage, networking)
– Add new APIs
– Add new services
– Add new network models
9. Problem Definition (cont'd)
• Manageable
– Hide complexity of underlying resources
– Rich functional end-user and admin UI
– Admin API to automate operations
– Easy install, upgrade for small -> large clouds
– Simple scaling, automated resilience
12. Create Custom Virtual Machines via Service Offerings
1. Select Compute Offering: CPU & RAM & Hypervisor
2. Select Operating System: Windows, Linux
3. Select Data Disk Offering: Volume Size & Storage Type
4. Select Network Offering: Network & Services
5. Launch VM
13. Overview Resource Provision
• Management Server Dashboard
– Running, Stopped and Total VMs
– Resource allocations (IPs and storage)
– Latest events and alerts
(Figure: Root Admin View and Domain Admin View of the dashboard)
14. Virtual Machine Management
(Figure: VM Status shown to Users: CPU Utilized, Network Read, Network Writes. Change Service Offering, e.g. 2 CPUs / 1 GB RAM / 20 GB / 20 Mbps -> 4 CPUs / 4 GB RAM / 200 GB / 100 Mbps. VM Operations: Start, Stop, Reboot, Destroy. Console Access.)
15. Volume and Snapshot Management
(Figure: Add / Delete Volumes; Create Templates from Volumes (Volume -> Template); Schedule Snapshots: Hourly, Daily, Weekly, Monthly, Now; View Snapshot History: 2012/05/29 7.30 am …. 2012/06/01 7.30 am)
16. Network & Network Services
• Create Networks and attach VMs
• Acquire public IP address for NAT & load balancing
• Control traffic to VM using ingress and egress firewall rules
• Set up rules to load balance traffic between VMs
17. Open Flexible Platform
• Compute (Hypervisor): XenServer, VMware, KVM, Bare metal
• Storage (Primary Storage and Secondary Storage; Block & Object): Local Disk, iSCSI, NFS, Fiber Channel, Swift
• Network & Network Services: Connection Type, Isolation, Load balancer, Firewall, VPN
18. CloudStack Deployment Architecture
• Hypervisor is the basic unit of scale.
• Cluster consists of one or more hosts of the same hypervisor.
• All hosts in a cluster have access to shared (primary) storage.
• Pod is one or more clusters, usually with L2 switches.
• Availability Zone has one or more pods, has access to secondary storage.
• One or more zones represent a cloud.
(Figure: Zone 1 contains Pod 1 …. Pod N; each pod contains Cluster 1 …. Cluster N of Host 1, Host 2 … with Primary Storage; the Access Layer connects pods to the L3 core, which reaches Secondary Storage, the CloudStack Management Server and the Internet)
19. Management Server Managing Multiple Zones
CloudStack Cloud can have one or more Availability Zones (AZ).
(Figure: a Cloud spanning Data Center 1 (Zone 1), Data Center 2 (Zone 2, Zone 3) and Data Center 3 (Zone 4))
20. Management Server Managing Multiple Zones
• Single Management Server can manage multiple zones
• Zones can be geographically distributed but low latency links are expected for better performance
• Single MS node can manage up to 10K hosts.
• Multiple MS nodes can be deployed as cluster for scale or redundancy
(Figure: one Mgmt Server managing Zone 1 in Data Center 1, Zone 2 and Zone 3 in Data Center 2, and Zone 4 in Data Center 3)
21. Management Server Deployment Architecture
• MS is stateless. MS can be deployed as physical server or VM
• Single MS node can manage up to 10K hosts. Multiple nodes can be deployed for scale or redundancy
(Figure: Single-node Deployment: one MS serving the User API and Admin API, with a MySQL DB replicated to a Back Up DB, managing Infrastructure Resources. Multi-node Deployment: a Load Balancer in front of several MS nodes sharing one MySQL DB, managing Infrastructure Resources)
22. CloudStack Storage
Primary Storage
• Configured at Cluster-level. Close to hosts for better performance
• Stores all disk volumes for VMs in a cluster
• Cluster can have one or more primary storages
• Local disk, iSCSI, FC or NFS
Secondary Storage
• Configured at Zone-level
• Stores all Templates, ISOs and Snapshots
• Zone can have one or more secondary storages
• NFS, OpenStack Swift
(Figure: Pod 1 with Cluster 1 (Host 1, Host 2) attached to Primary Storage through an L2 switch; Secondary Storage reached through the L3 switch)
23. Core CloudStack Components
• Hosts
– Servers onto which services will be provisioned
• Primary Storage
– VM storage
• Cluster
– A grouping of hosts and their associated storage
• Pod
– Collection of clusters
• Network
– Within the same L2 switch
• Secondary Storage
– Template, snapshot and ISO storage
• Zone
– Collection of pods, network offerings and secondary storage
• Management Server Farm
– Responsible for all management and provisioning tasks
(Figure: a Zone containing CloudStack Pods, each with a Cluster of Hosts running VMs on Primary Storage; Secondary Storage and Network at zone level)
24. Understanding the Role of Storage and Templates
• Primary Storage
– Cluster level storage for VMs
– Connected directly to hosts
– NFS, iSCSI, FC and Local
• Secondary Storage
– Zone level storage for templates, ISOs and snapshots
– NFS or OpenStack Swift via CloudStack System VM
• Templates and ISOs
– Imported into CloudStack
– Can be private or public
(Figure: a Zone with Secondary Storage holding a Template; Pod > Cluster > Hosts with Primary Storage)
25. Provisioning Process
1. User Requests Instance
2. Provision Optional Network Services
3. Copy instance template from secondary storage to primary storage on appropriate cluster
4. Create any requested data volumes on primary storage for the cluster
5. Create instance
6. Start instance
(Figure: the Template is copied from the zone's Secondary Storage to the cluster's Primary Storage and the VM is created on a Host in that cluster)
26. Citrix XenServer
• Integrates directly with XenServer Pool Master
• Snapshots at host level
• System VM control channel at host level
• Network management is host level
(Figure: CloudStack Manager talks to the XenServer Pool Master Host of a XenServer Resource Pool of XenServer Hosts)
27. RedHat Enterprise Linux (KVM)
• Integrates with libvirt using Cloud Agent
• Snapshots at host level
• System VM control channel at host level
• Network management is host level
• CentOS 6.2 with KVM
• Only RHEL 6.2, not RHEV
(Figure: CloudStack Manager talks to the Cloud Agent on each KVM Host, which drives libvirt)
28. VMware vSphere
• Integration through vCenter
• System VM control channel via CloudStack private network
• Snapshot and volume management via Secondary Storage VM
• Networking via vSphere vSwitch
(Figure: CloudStack Manager talks to vCenter, which manages a Data Center of vSphere Clusters of vSphere Hosts)
29. Management Server Interaction with Hypervisors
(Figure: the Management Server reaches XenServer through XAPI, ESX through vCenter (HTTPS) and KVM through the Agent)
XenServer
• XS 5.6, 5.6FP1, 5.6 SP2, 6.0.2
• Incremental Snapshots
• VHD
• NFS, iSCSI, FC & Local disk
• Storage over-provisioning: NFS
ESX
• ESX 4.1, 5.0 (coming)
• Full Snapshots
• VMDK
• NFS, iSCSI, FC & Local disk
• Storage over-provisioning: NFS, iSCSI
KVM
• RHEL 6.0, 6.1, 6.2 (coming)
• Full Snapshots (not live)
• QCOW2
• NFS, iSCSI & FC
• Storage over-provisioning: NFS
30. Multi-tenancy & Account Management
• Domain is a unit of isolation that represents a customer org, business unit or a reseller
• Domain can have arbitrary levels of sub-domains
• A Domain can have one or more accounts
• An Account represents one or more users and is the basic unit of isolation
• Admin can limit resources at the Account or Domain levels
(Figure: Cloud -> Domains Org A and Reseller A (each with an Admin) -> Sub-Domain Org C (Admin) -> Accounts Group A and Group B -> User 1, User 2; each account owns Resources: VMs, IPs, Snapshots…)
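As an added example (not CloudStack's own code), the following Python models the limit check implied by the last bullet: an Account's request is tested against its own limit and then against every enclosing Domain, so a sub-domain or reseller limit caps the aggregate of all accounts beneath it. The domain tree, account names and limit values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Domain:
    name: str
    parent: Optional["Domain"] = None
    vm_limit: Optional[int] = None  # None = no limit set at this level

@dataclass
class Account:
    name: str
    domain: Domain
    vm_limit: Optional[int] = None
    vms: int = 0  # VMs currently owned by the account

def ancestors(domain):
    """Yield `domain`, then each parent domain up to the root."""
    while domain is not None:
        yield domain
        domain = domain.parent

def domain_usage(domain, accounts):
    """VMs owned by every account in `domain` or in any of its sub-domains."""
    return sum(a.vms for a in accounts if any(d is domain for d in ancestors(a.domain)))

def check_vm_deploy(account, accounts, count=1):
    """None if the deploy fits; otherwise the level whose limit it would exceed.
    Account limit first, then every enclosing domain, since a domain limit caps
    the aggregate of all accounts beneath it."""
    if account.vm_limit is not None and account.vms + count > account.vm_limit:
        return f"account:{account.name}"
    for d in ancestors(account.domain):
        if d.vm_limit is not None and domain_usage(d, accounts) + count > d.vm_limit:
            return f"domain:{d.name}"
    return None

def deploy_vm(account, accounts, count=1):
    blocker = check_vm_deploy(account, accounts, count)
    if blocker is not None:
        raise PermissionError(f"VM limit exceeded at {blocker}")
    account.vms += count

def build_sample():
    """Constructed tree mirroring the slide: Cloud -> Reseller A -> Org C -> Group A/B."""
    root = Domain("ROOT")
    reseller_a = Domain("Reseller A", root, vm_limit=5)
    org_c = Domain("Org C", reseller_a, vm_limit=3)
    return {"group_a": Account("Group A", org_c, vm_limit=2),
            "group_b": Account("Group B", org_c)}
```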
33. Physical Network
(Figure: Availability Zone: Router -> L3 Core Switch -> Access Layer Switches -> Pod 1, Pod 2, Pod 3 …… Pod N of Servers; CloudStack MS Cluster with MySQL behind a Load Balancer, reached by Operations, Admin and Cloud API Users; Secondary Storage)
34. CloudStack Network Traffic Type
Network traffic types:
• Public Network: public traffic is generated when VMs in the cloud access the internet, e.g. through the Virtual Router.
• Guest Network: the tenant network to which instances are attached.
• Storage Network: the physical network which connects the hypervisor to the storage.
• Management Network: control plane traffic between the CloudStack management server and hypervisor clusters.
35. CloudStack Network Mode
Basic Network
• AWS-style networking
• All VMs in one sub-net
• Account’s VM isolation by Security Group
• VR provides services: DHCP, DNS
• Each VM has only one NIC (Network)
Advanced Network
• Account’s VM isolation by VLAN
• VR can provide more services: NAT, Firewall, PF, LB, VPN
• Guest Network supports Isolated and Shared Network types
• Each VM can have more NICs (Networks)
41. Advanced Network – Multi-tier Network
(Figure: Internet -> Public IP 65.37.141.111 on the CS Virtual Router (DHCP, DNS, NAT, Firewall, LB, VPN, Port Forwarding), Private IP 10.1.1.1.
Virtual Network 10.1.1.0/24, VLAN 100: Web VM 1 10.1.1.2, Web VM 2 10.1.1.3, Web VM 3 10.1.1.4, Web VM 4 10.1.1.5.
Virtual Network 10.1.2.0/24, VLAN 101, CS Virtual Router (DHCP, DNS): addresses 10.1.2.21, 10.1.2.18, 10.1.2.38, 10.1.2.39; App VM 1 10.1.2.31 / 10.1.3.21; App VM 2 10.1.2.24 / 10.1.3.45.
Virtual Network 10.1.3.0/24, VLAN 102, CS Virtual Router (DHCP, DNS): DB VM 1 10.1.3.24)
42. Advanced Network – Virtual Private Network
Virtual Router Services
• DNS
• LB
• Site-to-Site VPN
• Static Routes
• Network ACLs
• NAT, PF
• FW [ingress & egress]
(Figure: CS Virtual Router / Loadbalancer between the Internet and the Internal VLAN, with an IPSec or SSL site-to-site VPN to Other Data Center. Virtual Network 10.1.1.0/24: Web VM 1 10.1.1.1, Web VM 2 10.1.1.3, Web VM 3 10.1.1.4, Web VM 4 10.1.1.5. Virtual Network 10.1.2.0/24, VLAN 101: App VM 1 10.1.2.31, App VM 2 10.1.2.24. Virtual Network 10.1.3.0/24, VLAN 102: DB VM 1 10.1.3.24)
44. Storage
• Primary Storage
– Block device to the VM
– IOPs intensive
– Accessible from host or cluster wide
• WORM Storage
– Secondary Storage or Object Store for templates, ISO, and snapshot archiving
– High capacity
• CloudStack manages the storage between the two to achieve maximum benefit and resiliency
(Figure: Zone-Level Layer 3 Switch -> Pod 1, Pod 2 … Pod N; in Pod 1 a Pod-Level Layer-2 Switch connects Computing Server 1–4 in Cluster 1 and Cluster 2, each cluster with its own Primary Storage; Scale-Out NFS on the Private Network)
45. Primary Storage Support Matrix
Type           XenServer   VMWare      KVM
Local Disk     Supported   Supported   Supported
iSCSI          Supported   Supported   Not Supported
Fiber Channel  Supported   Supported   Not Supported
NFS            Supported   Supported   Supported
46. Storage Tagging
• Supported via storage tags for primary storage
• Specify a tag when adding a storage pool
• Specify a tag when adding a disk offering
• Only storage pools with the tag will be allocated for the volume
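Added example (not CloudStack's code) in Python modelling the allocation rule on this slide: a volume is placed only on a primary storage pool, within the VM's cluster, that carries every tag of its disk offering, and the request fails rather than falling back when no such pool exists. Pool names, tags and the tie-break among eligible pools are this example's own assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StoragePool:
    name: str
    cluster: str
    tags: frozenset = frozenset()

@dataclass(frozen=True)
class DiskOffering:
    name: str
    size_gb: int
    tags: frozenset = frozenset()

# Constructed inventory: one zone, two clusters, hypothetical pool names and tags.
POOLS = [
    StoragePool("local-c1", "cluster1"),
    StoragePool("nfs-bulk-c1", "cluster1", frozenset({"nfs"})),
    StoragePool("iscsi-c1", "cluster1", frozenset({"iscsi", "ssd", "backed-up"})),
    StoragePool("nfs-bulk-c2", "cluster2", frozenset({"nfs"})),
]

def eligible_pools(offering, cluster, pools=POOLS):
    """Pools in `cluster` carrying every tag the offering asks for (subset rule).
    An offering with no tags may use any pool in the cluster."""
    return [p for p in pools if p.cluster == cluster and offering.tags <= p.tags]

def allocate(offering, cluster, pools=POOLS):
    """Pick the eligible pool with the fewest surplus tags (this example's tie-break),
    or fail closed: a tagged offering must never silently land on a pool that lacks
    the property (e.g. 'backed-up') the tag was meant to guarantee."""
    candidates = eligible_pools(offering, cluster, pools)
    if not candidates:
        raise LookupError(f"no primary storage in {cluster} with tags {sorted(offering.tags)}")
    return min(candidates, key=lambda p: len(p.tags - offering.tags)).name

def place_vm(root_offering, data_offerings, cluster, pools=POOLS):
    """Root and data volumes are placed independently, so they may end up on
    different primary storage devices within the same cluster."""
    placement = {"ROOT": allocate(root_offering, cluster, pools)}
    for off in data_offerings:
        placement[off.name] = allocate(off, cluster, pools)
    return placement
```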
47. WORM Storage
• Write Once Read Many storage pattern is supported by two different storage types
– Secondary Storage (NFS Server within an availability zone)
– Object Store (Swift implementation for cross-zone)
• Objective for WORM storage
– High capacity, cheap storage
– Easy to increase capacity
• Used to store templates, ISOs, and snapshots
48. Snapshot
• Snapshots are used as backups for DRS
• Taken on the primary storage and moved to secondary storage
• Supports individual snapshots and recurring snapshots
• Full snapshots on VMWare and KVM.
• Incremental snapshots on XenServer
Speaker notes
2013-03-20: Apache CloudStack graduates to become a TLP. 4.0.2 (2013.05.17)
CloudStack works within multiple enterprise strategies and mandates, as well as supporting multiple cloud strategies from a provider perspective. As an initial step beyond traditional server virtualization, many organizations are looking to private cloud implementations as a means to satisfy flexibility while still retaining control over service delivery. The private cloud may be hosted by the IT organization itself, or sourced from a managed service provider, but the net goals of total control and security without compromising SLAs are achieved. For some organizations, the managed service model is stepped up one level with all resources sourced from a hosted solution. SLA guarantees and security concerns often dictate the types of providers an enterprise will look towards. At the far end of the spectrum are public cloud providers with pay-as-you-go pricing structures and elastic scaling. Since public clouds often abstract details such as network topology, a hybrid cloud strategy allows IT to retain control over key aspects of their operations, such as data, while leveraging the benefits of elastic public cloud capacity.
When a user requests a VM instance, several steps are performed. The user logs in and selects the desired availability zone for their instance, and then selects the desired template from the list of templates available to them. This is the trigger for the provisioning process. Depending on the instance and zone requirements, optional network services such as routing, DHCP and load balancing are provisioned for the zone. If these services are already provisioned and can be shared by the user, then shared instances are used; otherwise isolated instances of the network services are used. The template representing the root disk of the VM is copied from the secondary storage for the zone to the primary storage for the cluster. CloudStack attempts to localize services for accounts to as few clusters as possible. This is done partly for security reasons, and partly to ensure optimal performance for provisioned services. If the instance requires any data volumes, the data volumes are created on primary storage for the cluster. Note that the storage preferences for the root volume and data volumes may be different, resulting in the volumes occupying different primary storage devices within a given cluster. For example, data disks may have attributes which place them on a primary storage device which is continuously backed up, while the root volume might be located on local storage. CloudStack then instructs the host to create and start the instance VM.
When using XenServer, you will first add the XenServer pool master to CloudStack as a host, and CloudStack will transparently add all slave hosts to CloudStack.
For KVM, support is only for RHEL 6.2 based KVM and Ubuntu 10.04. No other flavors of KVM are supported, including RHEV.
vCenter cluster/host
– A vCenter cluster is mapped directly to a CloudStack cluster under a Pod
– A vCenter cluster for CloudStack can only belong to one vCenter datacenter. Why?
  • The vCenter Datastore used by a vCenter cluster is at the scope of the vCenter datacenter
  • The vCenter vSwitch used by a vCenter cluster is at the scope of the vCenter datacenter
  • Sharing vCenter datacenter resources outside of CloudStack will be problematic
System VM bootstrap
– The first generation is done by the CloudStack management server
– Second and later generations are done through a running SSVM
SSVM (Secondary Storage VM)
– SSVM for template processing
– SSVM for VMware volume/snapshot/template operations
Command delegation
– A System VM is an extension of the CloudStack management server
– The resource manager can be running in the context of a system VM
– Command delegation in the CloudStack management server
Snapshots
– A CloudStack snapshot is taken on a volume basis
– A snapshot in vCenter is taken on a VM basis
– Fill the gap:
  • Take a VM snapshot; if it is for a detached volume in CloudStack, create a worker VM
  • Parse the VM snapshot metadata, build up disk chain information on a volume basis
  • Create an intermediate VM on top of a selected disk chain
  • Export the VM (full backup) to secondary storage
  • Cleanups
vCenter vSwitch
– vSwitch setup is done through vCenter
– NIC bonding is done through vCenter
– CloudStack creates networks (portgroups) dynamically
– CloudStack propagates networks across the cluster. Why? To support independent VM live migration both in CloudStack and vCenter
– Default vSwitch ports: not enough, usually need to be extended
The following external devices are supported in CloudStack 4.1.0:
• F5: 10.1.10 (Build 3341.1084)
• SRX model srx100b: must be 10.3 or higher – 10.4R7.5
• Netscaler VPX 9.3, 10.0 (Build 54.7.nc and 54.161)
• Netscaler MPX 10
• Netscaler SDX 10
CS 4.1 supports Nicira NVP.