1. Kimihiko Kitase
Solution Marketing Manager at Citrix
Hiroaki Kawai
Senior engineer at Stratosphere | Committer at Apache CloudStack
CloudStack Networking
2. 北瀬 公彦
KIMIHIKO KITASE
Board member at Japan CloudStack User Group
Solution marketing manager at Citrix
Joined Citrix in March 2000. TS R&D SE Sol | OSS community marketing
twitter: @kkitase
mail: kkitase@gmail.com
web: http://v12n.jp
http://cloudstack.jp
Wrote many magazine pieces, books, and articles related to virtualization and cloud.
Desktop Virtualization | Server Virtualization | Cloud and Network
3. What is CloudStack?
• De facto standard Cloud Management Platform
• Beautiful self-service portal UI
• Admin, group admin, end user
• Various networking services
• LB, FW, VPN, NAT, etc.
• Work with external network appliance
• OSS: Apache Software Foundation
• Apache CloudStack (Latest ver. 4.0.2)
• Commercial Distribution: Citrix
• Citrix CloudPlatform (Latest ver. 3.0.6)
4. CloudStack Supports Multiple Cloud Strategies
Private Clouds
On-premise Private Cloud
• Dedicated resources
• Security & total control
• Internal network
• Managed by Enterprise or 3rd party
Hosted Private Cloud
• Dedicated resources
• Security
• SLA bound
• 3rd party owned and operated
Public Clouds
Multi-tenant Public Cloud
• Mix of shared and dedicated resources
• Elastic scaling
• Pay as you go
• Public internet, VPN access
6. From the Latest Nikkei Computer
“‘Our cloud infra is based on CloudStack’ is sales talk.”
by one service provider’s evangelist
7. IaaS Architecture
[Diagram labels: Cloud admin, Tenant admin, End User; User Interface; API for developer (Amazon, CloudStack); API for integration (CMS, Billing, Helpdesk, Account Management, etc.); Availability and Security; VM management, Backup, Load Balancer, reliability, monitoring, metering; Image Library, Service catalog, OS templates, ISOs; Resource management (server, storage, network); Virtualization Layer; Server, Network, Storage]
8. Area covered by Apache CloudStack
[Diagram labels: Cloud admin, Tenant admin, End User; User Interface; API for developer (Amazon, CloudStack); API for integration (CMS, Billing, Helpdesk, Account Management, etc.); Availability and Security; VM management, Backup, Load Balancer, reliability, monitoring, metering; Image Library, Service catalog, OS templates, ISOs; Resource management (server, storage, network); Virtualization Layer; Server, Network, Storage]
9. Cloud Ecosystem
[Diagram categories: Compute, Storage, Network, Management & Security, PaaS, Automation, Business Portals, Migration & Monitoring, Application Mgmt., Public Clouds]
12. CloudStack components
• Host is the basic unit of scale. Runs a hypervisor or is bare metal.
• Cluster consists of one or more hosts of the same hypervisor. All hosts in a cluster have access to shared (primary) storage.
• Pod is one or more clusters, usually with an L2 switch. Represents a rack.
• Availability Zone has one or more pods and has access to secondary storage. Firewall and load balancers separate public and private networks.
• One or more zones represent a cloud.
[Diagram labels: Zone 1, Firewall, Load Balancer, L3 switch, Secondary Storage; Pod 1 … Pod N; L2 switch; Cluster 1 … Cluster N; Host 1, Host 2; Primary Storage]
13. Multi zones architecture
[Diagram labels: Data Center 1 to Data Center 4; Availability Zone 1 to Availability Zone 4; Primary Management Server; Secondary Management Server; MySQL Replication]
55. Layer-3 Guest network - Basic Network
[Diagram, two panels: "Networking Service model provided by Virtual Router" and "Networking Service model provided by external network appliance". Each panel shows Tenant A (Security group 1) and Tenant B (Security Group 2) with Guest VMs 1 to 4, a Virtual Router providing DHCP and DNS, and the public network. Other labels: addresses 65.11.1.2 to 65.11.1.5 and 10.1.2.3 to 10.1.2.6; L3 Switch; NetScaler Load Balancer; EIP, ELB with 65.11.1.2 and 65.11.1.3]
56. Layer-2 Guest network - Advanced Network
[Diagram, two panels: "Networking Service model provided by Virtual Router" and "Networking Service model provided by external network appliance". Each panel shows Tenant A (VLAN 100) and Tenant B (VLAN 101), Virtual Routers, the public network, and a guest network 10.1.1.1/8 with Guest VMs 1 to 4 (labels 10.1.1.1, 10.1.1.3, 10.1.1.4, 10.1.1.5). First group of labels: Gateway 10.1.1.1; DHCP, DNS, NAT, Load Balancing, VPN; Public IP 65.37.141.11. Second group of labels: DHCP, DNS; Private IP 10.1.1.112; Public IP 65.37.141.112; NetScaler Load Balancer; Private IP 10.1.1.111; Public IP 65.37.141.111; Juniper SRX Firewall]
57. Virtual Router
• When Advanced network is used, a VR is deployed per account
• Provides multiple networking services
  ◦ DHCP, DNS, NAT, Source NAT, Firewall, VPN, User-data
• VR details
  ◦ Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository
  ◦ Latest versions of dnsmasq, haproxy, iptables, ipsec, apache
  ◦ Latest version of JRE
• Can be accessed via SSH using a key from the management server
58. Virtual Private Cloud a.k.a. VPC
• Create one or more networks
• Configure firewall rules
• Configure LB rules
• Deploy & manage VMs
[Diagram labels: Tenant A; Virtual Router; Web, App, DB; VLAN 1, VLAN 2, VLAN 3]