CloudStack In Production
Considerations & Design
What CloudStack Is
● CloudStack is a cloud management platform (CMP)
  ○ Hypervisors
  ○ Layer 2 Network - VLANs / Security Groups / SDN
  ○ Layer 3 Network - Firewall / Router / VPN / Load Balancer
  ○ Storage - Primary / Secondary

● CloudStack can be managed via API and/or a pretty Web GUI
What CloudStack Isn't
●   CloudStack is not a drop-in replacement for tools such as Virt Manager,
    XenCenter, and the vSphere Client
CloudStack Hierarchy
● Zone = Datacenter
  ○ Network mode (basic or advanced)
  ○ Secondary storage

● Pod = Rack
  ○ Logical grouping of clusters

● Cluster = Grouping of hosts
  ○ Shared primary storage

● Host = Server
  ○ Link-local interfaces (all but VMware)

● Instance = VM
Infrastructure Components
● Management Services (Web UI, API, Database)
● Hosts (Servers)
● Guests (VMs/Instances)
● Primary Storage
  ○ Where your VMs live
● Secondary Storage
  ○ Static content -- ISO Images, Snapshots, Templates, etc
● Network Components (switches, VLANs, etc)
  ○ Switches, VLANs, SDN, virtual routers, external
     CloudStack managed devices such as Juniper SRX,
     NetScaler, F5, etc
Primary Storage
● Your VMs run here
● Primary storage is expected to be fault-tolerant, reliable, and
  performant
● Supported protocols/methods are:
   ○ Fibre Channel
   ○ iSCSI
   ○ CLVM
   ○ VMFS (VMware only)
   ○ NFS
   ○ SharedMountPoint (KVM only)
       ■ SharedMountPoint can be a cluster-aware filesystem such as
          OCFS2 or GFS2
   ○ Ceph/RBD (KVM only -- very new, and very experimental)
   ○ Local storage
       ■ Note: you cannot live-migrate with local storage
Secondary Storage
● Only NFS is supported currently
● Does not need to be as fast or as reliable as primary
● Used to store:
  ○ Templates
  ○ Snapshots
  ○ ISO Images
  ○ Imported Volumes (temporarily)
How ACS Manages Hosts
● VMware
  ○ Licensed vCenter is required; individual ESXi hosts cannot
    be managed or accessed by CloudStack

● XenServer, XCP & Xen
  ○ XAPI is used to manage all Xen-based hosts, along with a
     number of other scripts that CloudStack management will
     deploy

● KVM
  ○ A combination of cloud-agent (the primary means), libvirt,
    virsh, and server-side scripts
     ■ ** Note: Do not run mixed/matched clusters (e.g. CentOS
        and Ubuntu in the same cluster)
CloudStack Network Modes
● Basic Networking Zone
  ○ Assumes flat public network
  ○ Assigns public addresses to all instances
  ○ Uses security groups for guest isolation
  ○ Less complex configurations and networking
● Advanced Networking Zone
  ○ VLANs or SDN for guest segregation
  ○ RFC1918 addresses assigned to instances
  ○ Security groups not supported
  ○ VPC supported (virtual private cloud)
  ○ VPN available (site-to-site and L2TP/IPSec)
  ○ Inter-VLAN routing (tiered networks)
  ○ More complex configurations and networking
Host Networking
● Physical interfaces (NICs)

● Tagged interfaces (VLANs)

● Virtual NICs (vNIC on the guest) and their representation
  on the virtual switch

● Security groups
  ○ Filtering using ebtables to apply iptables rules within a
     bridge

● Bridges
  ○ Know them, love them
Accounts, Domains, Projects, and Users
●   Accounts own resources
     ○ For example: instances, volumes, templates, networks, etc
     ○ Two accounts, even on the same domain, cannot see each other's
        resources

●   Domains are logical containers for accounts
     ○ Domains can impose limits on accounts within them

●   Users are tied to accounts and are used for authentication
     ○ Users can access CloudStack via the Web UI and/or API

●   Projects own resources and can allow multiple accounts to control/share
    the same resources
     ○ One account is delegated the "owner" of the project -- the owner can
        add/remove other accounts to the project
     ○ All accounts must be children of the same domain
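
The ownership and visibility rules on this slide, written out as a small Python model. This is an added example, not CloudStack code and not from the presenters. Assumptions: domains are flat names (no nesting), the project owner cannot be removed, and the account, project and resource names are constructed sample data.

```python
"""Simplified model of the account / domain / project rules (illustrative only)."""
from dataclasses import dataclass, field
from typing import Union


@dataclass(frozen=True)
class Account:
    name: str
    domain: str  # assumption: a flat domain name, nested domains are not modelled


@dataclass
class Project:
    name: str
    owner: Account
    members: set = field(default_factory=set)

    def __post_init__(self):
        # The owning account is always a member of its own project.
        self.members.add(self.owner)

    def add_account(self, actor: Account, new: Account) -> None:
        # Only the account delegated as owner may change membership.
        if actor != self.owner:
            raise PermissionError(f"{actor.name} is not the owner of {self.name}")
        # All accounts in a project must belong to the same domain.
        if new.domain != self.owner.domain:
            raise ValueError(f"{new.name} is in a different domain")
        self.members.add(new)

    def remove_account(self, actor: Account, target: Account) -> None:
        if actor != self.owner:
            raise PermissionError(f"{actor.name} is not the owner of {self.name}")
        if target == self.owner:
            # Assumption of this model: the owner cannot remove itself.
            raise ValueError("the project owner cannot be removed")
        self.members.discard(target)


@dataclass
class Resource:
    name: str
    owner: Union[Account, Project]  # a resource belongs to an account or a project


def can_access(account: Account, resource: Resource) -> bool:
    owner = resource.owner
    if isinstance(owner, Project):
        # Project resources are shared by every member account.
        return account in owner.members
    # Account resources are visible to that account only, same domain or not.
    return owner == account


def visible_to(account: Account, resources: list) -> list:
    return sorted(r.name for r in resources if can_access(account, r))


def demo() -> dict:
    # Constructed sample tenants and resources.
    alice = Account("alice", "eng")
    bob = Account("bob", "eng")
    dave = Account("dave", "eng")
    carol = Account("carol", "sales")
    web = Project("web", owner=alice)
    resources = [
        Resource("alice-vm", alice),
        Resource("bob-volume", bob),
        Resource("web-network", web),
    ]

    before = visible_to(bob, resources)   # bob sees only his own volume
    web.add_account(alice, bob)           # owner adds a same-domain account
    after = visible_to(bob, resources)    # bob now also sees the project network

    rejected = []
    try:
        web.add_account(alice, carol)     # different domain
    except ValueError:
        rejected.append("cross-domain")
    try:
        web.add_account(bob, dave)        # bob is a member, not the owner
    except PermissionError:
        rejected.append("non-owner")

    web.remove_account(alice, bob)        # owner revokes the membership
    revoked = visible_to(bob, resources)
    return {"before": before, "after": after,
            "rejected": rejected, "revoked": revoked}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```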
SDN - Software Defined Networking
● When 4096 VLANs just aren't enough, make millions of tunnels instead!

● GRE
  ○ Simple, universal, supported by Open vSwitch and others
  ○ GRE has overhead and doesn't correct for it; this can cause
     problems with packets over 1500 bytes unless TCP adjust MSS can
     be enabled within the tunnel
  ○ Lightweight, easy to implement and understand

● STT
   ○ New, promising protocol but not widely implemented
   ○ No overhead issue
   ○ Uses TCP offload in NICs to process the tunnel to increase
      performance
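
The GRE overhead problem worked through in Python, as an added example that is not part of the original slides. It assumes an IPv4 outer header without options, TCP without options, and a hypothetical tunnel interface name gre0; the iptables TCPMSS rule it renders is one Linux way to apply the MSS adjustment the slide mentions.

```python
"""GRE-over-IPv4 overhead and the TCP MSS that avoids oversized packets."""

IPV4_HEADER = 20         # bytes, no IP options
TCP_HEADER = 20          # bytes, no TCP options
GRE_BASE = 4             # flags/version + protocol type
GRE_OPTIONAL_FIELD = 4   # each of: checksum, key, sequence number


def gre_overhead(key=False, checksum=False, sequence=False) -> int:
    """Bytes added in front of the inner packet: outer IPv4 + GRE header."""
    optional = sum((key, checksum, sequence)) * GRE_OPTIONAL_FIELD
    return IPV4_HEADER + GRE_BASE + optional


def tunnel_mtu(link_mtu=1500, **gre_opts) -> int:
    """Largest inner IP packet that fits in one frame on the physical link."""
    return link_mtu - gre_overhead(**gre_opts)


def clamped_mss(link_mtu=1500, **gre_opts) -> int:
    """TCP MSS to advertise so a full segment fits inside the tunnel."""
    return tunnel_mtu(link_mtu, **gre_opts) - IPV4_HEADER - TCP_HEADER


def outer_packet_size(mss: int, **gre_opts) -> int:
    """On-the-wire IP size of a full TCP segment after GRE encapsulation."""
    return mss + TCP_HEADER + IPV4_HEADER + gre_overhead(**gre_opts)


def fits(mss: int, link_mtu=1500, **gre_opts) -> bool:
    return outer_packet_size(mss, **gre_opts) <= link_mtu


def mss_clamp_rule(tunnel_if: str, link_mtu=1500, **gre_opts) -> str:
    """Render a Linux iptables rule that rewrites the MSS on forwarded SYNs."""
    mss = clamped_mss(link_mtu, **gre_opts)
    return (f"iptables -t mangle -A FORWARD -o {tunnel_if} -p tcp "
            f"--tcp-flags SYN,RST SYN -j TCPMSS --set-mss {mss}")


def report(link_mtu=1500) -> list:
    """Compare an unclamped guest MSS with the clamped value per GRE variant."""
    default_mss = link_mtu - IPV4_HEADER - TCP_HEADER  # guest assumes full MTU
    rows = []
    for label, opts in (("plain GRE", {}), ("GRE with key", {"key": True})):
        rows.append({
            "variant": label,
            "overhead": gre_overhead(**opts),
            "tunnel_mtu": tunnel_mtu(link_mtu, **opts),
            "unclamped_outer": outer_packet_size(default_mss, **opts),
            "unclamped_fits": fits(default_mss, link_mtu, **opts),
            "clamped_mss": clamped_mss(link_mtu, **opts),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
    print(mss_clamp_rule("gre0"))  # gre0 is a hypothetical interface name
```

When the oversized packet carries the DF bit and the ICMP "fragmentation needed" reply is filtered somewhere on the path, the connection stalls on large transfers while small packets still pass, which is why the clamp is applied at the tunnel endpoint.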
Questions/Discussion
Clayton Weise
clayton@claytonweise.com

Kelcey Jamison-Damage
me@kelceydamage.com
kelcey@bbits.ca
Thank You
