SlideShare a Scribd company logo

CloudStack In Production

Clayton Weise
Clayton Weise

CloudStack has many moving parts, and although we will not get too far into the details of each piece, this will be a general overview of the different components of CloudStack. Some example deployments will be provided, how CloudStack interacts with Xen hosts and KVM hosts, as well as storage, networking, permissions, and usage accounting.

Technology
1 of 14
Download to read offline
CloudStack In Production Considerations & Design
What CloudStack Is ● CloudStack is a cloud management platform (CMP) ○ Hypervisors ○ Layer 2 Network - VLANs / Security Groups / SDN ○ Layer 3 Network - Firewall / Router / VPN / Load Balancer ○ Storage - Primary / Secondary ● CloudStack can be managed via API and/or a pretty Web GUI
What CloudStack Isn't ● CloudStack is not a drop-in replacement for tools such as Virt Manager, XenCenter, and the vSphere Client
CloudStack Hierarchy ● Zone = Datacenter ○ Network mode (basic or advanced) ○ Secondary storage ● Pod = Rack ○ Logical grouping of clusters ● Cluster = Grouping of hosts ○ Shared primary storage ● Host = Server ○ Link-local interfaces (all but VMware) ● Instance = VM
Infrastructure Components ● Management Services (Web UI, API, Database) ● Hosts (Servers) ● Guests (VMs/Instances) ● Primary Storage ○ Where your VMs live ● Secondary Storage ○ Static content -- ISO Images, Snapshots, Templates, etc ● Network Components (switches, VLANs, etc) ○ Switches, VLANs, SDN, virtual routers, external CloudStack managed devices such as Juniper SRX, NetScaler, F5, etc
Primary Storage ● Your VMs run here ● Primary storage is expected to be fault-tolerant, reliable, and performant ● Supported protocols/methods are: ○ Fibre Channel ○ iSCSI ○ CLVM ○ VMFS (VMware only) ○ NFS ○ SharedMountPoint (KVM only) ■ ShareMountPoint can be a cluster-aware filesystem such as OCFS2 or GFS2 ○ Ceph/RBD (KVM only -- very new, and very experimental) ○ Local storage ■ Note: you cannot live-migrate with local storage
Secondary Storage ● Only NFS is supported currently ● Does not need to be as fast or as reliable as primary ● Used to store: ○ Templates ○ Snapshots ○ ISO Images ○ Imported Volumes (temporarily)
How ACS Manages Hosts ● VMware ○ Licensed vCenter is required, individual ESXi hosts can not be managed or accessed by CloudStack ● XenServer, XCP & Xen ○ XAPI is used to manage all Xen based hosts along with a number of other scripts that CloudStack management will deploy ● KVM ○ A combination of cloud-agent (the primary means), libvirt, virsh, and server-side scripts ■ ** Note: Do not run mixed/matched clusters (e.g. Cent and Ubuntu in the same cluster)
CloudStack Network Modes ● Basic Networking Zone ○ Assumes flat public network ○ Assigns public addresses to all instances ○ Uses security groups for guest isolation ○ Less complex configurations and networking ● Advanced Networking Zone ○ VLANs or SDN for guest segregation ○ RFC1918 addresses assigned to instances ○ Security groups not supported ○ VPC supported (virtual private cloud) ○ VPN available (site-to-site and L2TP/IPSec) ○ Inter-VLAN routing (tiered networks) ○ More complex configurations and networking
Host Networking ● Physical interfaces (NICs) ● Tagged interfaces (VLANs) ● Virtual NICs (vNIC on the guest) and their representation on the virtual switch ● Security groups ○ Filtering using ebtables to apply iptables rules within a bridge ● Bridges ○ Know them, love them
Accounts, Domains, Projects, and Users ● Accounts own resources ○ For example: instances, volumes, templates, networks, etc ○ Two accounts, even on the same domain, cannot see each other's resources ● Domains are logical containers for accounts ○ Domains can impose limits on accounts within them ● Users are tied to accounts and are used for authentication ○ Users can access CloudStack via the Web UI and/or API ● Projects own resources and can allow multiple accounts to control/share them same resources ○ One account is delegated the "owner" of the project -- the owner can add/remove other accounts to the project ○ All accounts must be children of the same domain
SDN - Software Defined Networking ● When 4096 VLANs just aren't enough make millions of tunnels instead! ● GRE ○ Simple, universal, supported by Open vSwitch and others ○ GRE has overhead and doesn't correct for it, this can cause problems with packets over 1500 bytes unless tcp adjust mss can be enabled within the tunnel ○ Lightweight, easy to implement and understand ● STT ○ New, promising protocol but not widely implemented ○ No overhead issue ○ Uses TCP offload in NICs to process the tunnel to increase performance
Questions/Discussion Clayton Weise clayton@claytonweise.com Kelcey Jamison-Damage me@kelceydamage.com kelcey@bbits.ca
Thank You

Recommended

Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)GLC Networks
 
Software Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxSoftware Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxGLC Networks
 
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelOSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelNETWAYS
 
Scalable distributed stream_processing
Scalable distributed stream_processingScalable distributed stream_processing
Scalable distributed stream_processingmgarren
 
Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Ioannis Papapanagiotou
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openrestyTavish Naruka
 
Ireland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionIreland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionRemote-Learner UK
 

Recommended

Zettabyte File System (ZFS)
Zettabyte File System (ZFS)Zettabyte File System (ZFS)
Zettabyte File System (ZFS)GLC Networks
 
Software Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxSoftware Defined Datacenter with Proxmox
Software Defined Datacenter with ProxmoxGLC Networks
 
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelOSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelNETWAYS
 
Scalable distributed stream_processing
Scalable distributed stream_processingScalable distributed stream_processing
Scalable distributed stream_processingmgarren
 
Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Dynomite - PerconaLive 2017
Dynomite - PerconaLive 2017Ioannis Papapanagiotou
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Socket programming, and openresty
Socket programming, and openrestySocket programming, and openresty
Socket programming, and openrestyTavish Naruka
 
Ireland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionIreland Moot 2013 Admin Workshop Afternoon Session
Ireland Moot 2013 Admin Workshop Afternoon SessionRemote-Learner UK
 
SAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGSAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGsoftnsol anusha
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosNETWAYS
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820innov-acts-ltd
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Thang Man
 
Messaging for the cloud
Messaging for the cloudMessaging for the cloud
Messaging for the clouddejanb
 
Dynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDaniel Leon
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in SmalltalkESUG
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreAtin Mukherjee
 
OpenNebula LXD Container Support overview
OpenNebula LXD Container Support overviewOpenNebula LXD Container Support overview
OpenNebula LXD Container Support overviewCSUC - Consorci de Serveis Universitaris de Catalunya
 
State of the_gluster_-_lceu
State of the_gluster_-_lceuState of the_gluster_-_lceu
State of the_gluster_-_lceuGluster.org
 
Guest Agents: Support & Implementation
Guest Agents: Support & ImplementationGuest Agents: Support & Implementation
Guest Agents: Support & ImplementationMirantis
 
Introduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBIntroduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBAdroitLogic
 
SDN Programming with Go
SDN Programming with GoSDN Programming with Go
SDN Programming with GoDonaldson Tan
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTPApcera
 
Third-party software management under BSD
Third-party software management under BSDThird-party software management under BSD
Third-party software management under BSDAndrew Pantyukhin
 
Cloud Standards and CloudStack
Cloud Standards and CloudStackCloud Standards and CloudStack
Cloud Standards and CloudStackSebastien Goasguen
 
Intro to Cloudstack
Intro to CloudstackIntro to Cloudstack
Intro to CloudstackSebastien Goasguen
 
CloudStack for Java User Group
CloudStack for Java User GroupCloudStack for Java User Group
CloudStack for Java User GroupSebastien Goasguen
 
DevCloud and CloudMonkey
DevCloud and CloudMonkeyDevCloud and CloudMonkey
DevCloud and CloudMonkeySebastien Goasguen
 
Apache CloudStack AlpesJUG
Apache CloudStack AlpesJUGApache CloudStack AlpesJUG
Apache CloudStack AlpesJUGSebastien Goasguen
 
CloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesCloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesSebastien Goasguen
 
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebula Project
 

More Related Content

What's hot

SAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGSAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGsoftnsol anusha
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosNETWAYS
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820innov-acts-ltd
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Thang Man
 
Messaging for the cloud
Messaging for the cloudMessaging for the cloud
Messaging for the clouddejanb
 
Dynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDaniel Leon
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in SmalltalkESUG
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreAtin Mukherjee
 
State of the_gluster_-_lceu
State of the_gluster_-_lceuState of the_gluster_-_lceu
State of the_gluster_-_lceuGluster.org
 
Guest Agents: Support & Implementation
Guest Agents: Support & ImplementationGuest Agents: Support & Implementation
Guest Agents: Support & ImplementationMirantis
 
Introduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBIntroduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBAdroitLogic
 
SDN Programming with Go
SDN Programming with GoSDN Programming with Go
SDN Programming with GoDonaldson Tan
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTPApcera
 
Third-party software management under BSD
Third-party software management under BSDThird-party software management under BSD
Third-party software management under BSDAndrew Pantyukhin
 

What's hot (15)

SAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAININGSAN(EMC) ONLINE TRAINING
SAN(EMC) ONLINE TRAINING
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
 
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
 
Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016
 
Messaging for the cloud
Messaging for the cloudMessaging for the cloud
Messaging for the cloud
 
Dynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architectureDynamic routing in microservice oriented architecture
Dynamic routing in microservice oriented architecture
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in Smalltalk
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
 
OpenNebula LXD Container Support overview
OpenNebula LXD Container Support overviewOpenNebula LXD Container Support overview
OpenNebula LXD Container Support overview
 
State of the_gluster_-_lceu
State of the_gluster_-_lceuState of the_gluster_-_lceu
State of the_gluster_-_lceu
 
Guest Agents: Support & Implementation
Guest Agents: Support & ImplementationGuest Agents: Support & Implementation
Guest Agents: Support & Implementation
 
Introduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESBIntroduction to AdroitLogic and UltraESB
Introduction to AdroitLogic and UltraESB
 
SDN Programming with Go
SDN Programming with GoSDN Programming with Go
SDN Programming with Go
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTP
 
Third-party software management under BSD
Third-party software management under BSDThird-party software management under BSD
Third-party software management under BSD
 

Viewers also liked

Cloud Standards and CloudStack
Cloud Standards and CloudStackCloud Standards and CloudStack
Cloud Standards and CloudStackSebastien Goasguen
 
CloudStack for Java User Group
CloudStack for Java User GroupCloudStack for Java User Group
CloudStack for Java User GroupSebastien Goasguen
 
CloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesCloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesSebastien Goasguen
 

Viewers also liked (6)

Cloud Standards and CloudStack
Cloud Standards and CloudStackCloud Standards and CloudStack
Cloud Standards and CloudStack
 
Intro to Cloudstack
Intro to CloudstackIntro to Cloudstack
Intro to Cloudstack
 
CloudStack for Java User Group
CloudStack for Java User GroupCloudStack for Java User Group
CloudStack for Java User Group
 
DevCloud and CloudMonkey
DevCloud and CloudMonkeyDevCloud and CloudMonkey
DevCloud and CloudMonkey
 
Apache CloudStack AlpesJUG
Apache CloudStack AlpesJUGApache CloudStack AlpesJUG
Apache CloudStack AlpesJUG
 
CloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use CasesCloudStack Conference Public Clouds Use Cases
CloudStack Conference Public Clouds Use Cases
 

Similar to CloudStack In Production

OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebula Project
 
Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019🔧 Loïc BLOT
 
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. MonteroOpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. MonteroOpenNebula Project
 
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookLinux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookDanny Al-Gaaf
 
OpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech dayOpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech dayArthur Berezin
 
OpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. MonteroOpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. MonteroOpenNebula Project
 
99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's Guide99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's GuideDanny Al-Gaaf
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleCumulus Networks
 
CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH Ceph Community
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking ShapeBlue
 
OpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdfOpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdfssuser1490e8
 
The State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStackThe State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStackSage Weil
 
Open stack HA - Theory to Reality
Open stack HA - Theory to RealityOpen stack HA - Theory to Reality
Open stack HA - Theory to RealitySriram Subramanian
 
2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific DashboardCeph Community
 
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSKubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSNATS
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestke4qqq
 
Openstack overview thomas-goirand
Openstack overview thomas-goirandOpenstack overview thomas-goirand
Openstack overview thomas-goirandOpenCity Community
 
DOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloudDOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloudDanny Al-Gaaf
 

Similar to CloudStack In Production (20)

OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
OpenNebulaConf2018 - Is Hyperconverged Infrastructure what you need? - Boyan ...
 
Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019Kubernetes from scratch at veepee sysadmins days 2019
Kubernetes from scratch at veepee sysadmins days 2019
 
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. MonteroOpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
OpenNebulaConf2015 1.10 OpenNebula Networking: SDNs & NFVs - Ruben S. Montero
 
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and OutlookLinux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
Linux Stammtisch Munich: Ceph - Overview, Experiences and Outlook
 
OpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech dayOpenStack Best Practices and Considerations - terasky tech day
OpenStack Best Practices and Considerations - terasky tech day
 
OpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. MonteroOpenNebula Networking - Rubén S. Montero
OpenNebula Networking - Rubén S. Montero
 
99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's Guide99.999% Available OpenStack Cloud - A Builder's Guide
99.999% Available OpenStack Cloud - A Builder's Guide
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
 
CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH CEPH DAY BERLIN - WHAT'S NEW IN CEPH
CEPH DAY BERLIN - WHAT'S NEW IN CEPH
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
 
OpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdfOpenShift Virtualization- Technical Overview.pdf
OpenShift Virtualization- Technical Overview.pdf
 
The State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStackThe State of Ceph, Manila, and Containers in OpenStack
The State of Ceph, Manila, and Containers in OpenStack
 
Open stack HA - Theory to Reality
Open stack HA - Theory to RealityOpen stack HA - Theory to Reality
Open stack HA - Theory to Reality
 
Apache CloudStack from API to UI
Apache CloudStack from API to UIApache CloudStack from API to UI
Apache CloudStack from API to UI
 
2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard2021.02 new in Ceph Pacific Dashboard
2021.02 new in Ceph Pacific Dashboard
 
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATSKubeCon + CloudNative Con NA 2021 | A New Generation of NATS
KubeCon + CloudNative Con NA 2021 | A New Generation of NATS
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWest
 
Openstack overview thomas-goirand
Openstack overview thomas-goirandOpenstack overview thomas-goirand
Openstack overview thomas-goirand
 
DOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloudDOST: Ceph in a security critical OpenStack cloud
DOST: Ceph in a security critical OpenStack cloud
 

Recently uploaded

Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Recently uploaded (20)

Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

CloudStack In Production

  • 2. What CloudStack Is ● CloudStack is a cloud management platform (CMP) ○ Hypervisors ○ Layer 2 Network - VLANs / Security Groups / SDN ○ Layer 3 Network - Firewall / Router / VPN / Load Balancer ○ Storage - Primary / Secondary ● CloudStack can be managed via API and/or a pretty Web GUI
  • 3. What CloudStack Isn't ● CloudStack is not a drop-in replacement for tools such as Virt Manager, XenCenter, and the vSphere Client
  • 4. CloudStack Hierarchy ● Zone = Datacenter ○ Network mode (basic or advanced) ○ Secondary storage ● Pod = Rack ○ Logical grouping of clusters ● Cluster = Grouping of hosts ○ Shared primary storage ● Host = Server ○ Link-local interfaces (all but VMware) ● Instance = VM
  • 5. Infrastructure Components ● Management Services (Web UI, API, Database) ● Hosts (Servers) ● Guests (VMs/Instances) ● Primary Storage ○ Where your VMs live ● Secondary Storage ○ Static content -- ISO Images, Snapshots, Templates, etc ● Network Components (switches, VLANs, etc) ○ Switches, VLANs, SDN, virtual routers, external CloudStack managed devices such as Juniper SRX, NetScaler, F5, etc
  • 6. Primary Storage ● Your VMs run here ● Primary storage is expected to be fault-tolerant, reliable, and performant ● Supported protocols/methods are: ○ Fibre Channel ○ iSCSI ○ CLVM ○ VMFS (VMware only) ○ NFS ○ SharedMountPoint (KVM only) ■ ShareMountPoint can be a cluster-aware filesystem such as OCFS2 or GFS2 ○ Ceph/RBD (KVM only -- very new, and very experimental) ○ Local storage ■ Note: you cannot live-migrate with local storage
  • 7. Secondary Storage ● Only NFS is supported currently ● Does not need to be as fast or as reliable as primary ● Used to store: ○ Templates ○ Snapshots ○ ISO Images ○ Imported Volumes (temporarily)
  • 8. How ACS Manages Hosts ● VMware ○ Licensed vCenter is required, individual ESXi hosts can not be managed or accessed by CloudStack ● XenServer, XCP & Xen ○ XAPI is used to manage all Xen based hosts along with a number of other scripts that CloudStack management will deploy ● KVM ○ A combination of cloud-agent (the primary means), libvirt, virsh, and server-side scripts ■ ** Note: Do not run mixed/matched clusters (e.g. Cent and Ubuntu in the same cluster)
  • 9. CloudStack Network Modes ● Basic Networking Zone ○ Assumes flat public network ○ Assigns public addresses to all instances ○ Uses security groups for guest isolation ○ Less complex configurations and networking ● Advanced Networking Zone ○ VLANs or SDN for guest segregation ○ RFC1918 addresses assigned to instances ○ Security groups not supported ○ VPC supported (virtual private cloud) ○ VPN available (site-to-site and L2TP/IPSec) ○ Inter-VLAN routing (tiered networks) ○ More complex configurations and networking
  • 10. Host Networking ● Physical interfaces (NICs) ● Tagged interfaces (VLANs) ● Virtual NICs (vNIC on the guest) and their representation on the virtual switch ● Security groups ○ Filtering using ebtables to apply iptables rules within a bridge ● Bridges ○ Know them, love them
  • 11. Accounts, Domains, Projects, and Users ● Accounts own resources ○ For example: instances, volumes, templates, networks, etc ○ Two accounts, even on the same domain, cannot see each other's resources ● Domains are logical containers for accounts ○ Domains can impose limits on accounts within them ● Users are tied to accounts and are used for authentication ○ Users can access CloudStack via the Web UI and/or API ● Projects own resources and can allow multiple accounts to control/share them same resources ○ One account is delegated the "owner" of the project -- the owner can add/remove other accounts to the project ○ All accounts must be children of the same domain
  • 12. SDN - Software Defined Networking ● When 4096 VLANs just aren't enough make millions of tunnels instead! ● GRE ○ Simple, universal, supported by Open vSwitch and others ○ GRE has overhead and doesn't correct for it, this can cause problems with packets over 1500 bytes unless tcp adjust mss can be enabled within the tunnel ○ Lightweight, easy to implement and understand ● STT ○ New, promising protocol but not widely implemented ○ No overhead issue ○ Uses TCP offload in NICs to process the tunnel to increase performance