vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28
DESCRIPTION
CloudStack is an open source Infrastructure-as-a-Service (IaaS) software platform available under the GPLv3 license, which enables users to build, manage and deploy compute cloud environments. The community edition is based on the latest, leading edge features and bits that the Cloud.com team of engineers are working on and is supported by our open source community. Using CloudStack, a free and open source cloud computing software, to build a private cloud. During the training attendees will be instructed on how to install CloudStack to manage virtual infrastructure in a private cloud computing configuration. At the conclusion of the Build a Private Cloud section users will have the knowledge needed to create a simple private cloud computing environment.
TRANSCRIPT
![Page 1: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/1.jpg)
CLOUDSTACK
David Nalley [email protected]/identi.ca: @ke4qqq / IRC: ke4qqq in #cloudstack on freenode
![Page 2: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/2.jpg)
LICENSING
This presentation and its contents, unless otherwise noted, are released under a Creative Commons Attribution-ShareAlike 3.0 Unported license.
![Page 3: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/3.jpg)
HISTORY
Original company formed – 2008 (VMOps)
Project open sourced as CloudStack – May 2010
Acquired by Citrix – July 2011
Dropped open core – August 2011
Release of Acton (3.0) – Real soon now
![Page 4: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/4.jpg)
WHAT IS CLOUDSTACK?
Open Source Infrastructure as a Service platform that supports multiple hypervisors, complex network, firewall, load balancer and VPN configurations, high availability, in a multi-tenant environment.
![Page 5: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/5.jpg)
WHAT DOES IT REALLY DO?
Provide separation for the varied tenants
Allocate compute resources in a deterministic manner
Expose to the end user the ability to provision various computing services in a controlled manner (VLAN allocation, firewall rules, load balancer deployment, VM creation, etc)
Manage High Availability
Massively Scalable
Permit the placement of resource limits to be applied
Measuring usage over time
![Page 6: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/6.jpg)
MULTIPLE HYPERVISOR SUPPORT
KVM
XenServer
Xen Cloud Platform
VMware (via vCenter)
Oracle VM
Bare Metal
![Page 7: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/7.jpg)
MULTI-TENANT SEPARATION
Largely built around abstraction from an end-user POV
  No interaction with hypervisor directly
  No knowledge of underlying storage
Networking separation
  Every account has at least one dedicated/isolated VLAN (Tagged Networking)
  Layer 3 isolation aka Security Groups for untagged networking
  Option to use dedicated hardware
![Page 8: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/8.jpg)
NETWORKING
CloudStack has a number of network models
They are generally broken down by:
  Method of isolation (VLAN, Security Groups)
  Physical hardware or virtual
CloudStack largely manages network infrastructure
![Page 9: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/9.jpg)
NETWORKING
Services managed by CloudStack
  DHCP
  VLAN allocation
  Firewall
  NAT/Port forwarding
  Routing
  VPN
  Load Balancing
![Page 10: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/10.jpg)
NETWORKING
CloudStack can also manage physical network hardware (or the virtualized alternatives)
  F5-Big IP
  NetScaler
  Juniper SRX
Additionally you can ‘mix and match’ some network elements as service offerings.
![Page 11: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/11.jpg)
SECURITY GROUPS
Traditional isolation has been via VLAN
VLANs isolate well, but have some problems scaling
  Standard has a hard limit of 4096 VLANs
  Hardware that can actually keep up with 4096 VLANs is VERY expensive.
  Regardless people tend to not like having arbitrary limits on what they can do.
Amazon and others use layer 3 isolation (Security Groups)
![Page 12: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/12.jpg)
SECURITY GROUPS
Assumption of a quasi-trusted Layer 2 network
  Typically will only have hypervisors directly connected to that network.
Filtering/isolation occurs at the bridge device (from a Linux perspective – think ebtables)
Deny by default
![Page 13: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/13.jpg)
SECURITY GROUPS
![Page 14: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/14.jpg)
SECURITY GROUPS
![Page 15: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/15.jpg)
HIGH AVAILABILITY
RFMTTR – but apparently HA looks better in marketing slicks and is used that way across the virtualization industry.
CloudStack is not a magical solution for HA – but might be a useful tool in the process to increase availability.
CloudStack will watch for HA-enabled VMs to ensure that they are up, and that the hypervisor it’s on is up – and will restart on another hypervisor if it goes down.
Redundant router
![Page 16: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/16.jpg)
ALLOCATION ALGORITHMS
How do you place VMs, allocate storage, etc.?
CloudStack ships with a number of options:
  First Fit
  Fill first
  Disperse
  Create your own
Tags
OS Preference
![Page 17: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/17.jpg)
USAGE
Not billing per se – but does give you something to bill against.
Usage stats show VM count, CPU usage, disk allocation and usage, network usage; all over time.
Lots of integration and howto’s - from Excel spreadsheets to Ubersmith, Amysta, and Cloud Portal.
![Page 18: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/18.jpg)
HIGH LEVEL ARCHITECTURAL OVERVIEW
© Copyright David Baird and licensed for reuse under this CC-BY
![Page 19: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/19.jpg)
SECONDARY STORAGE
Used for storing templates and snapshots
Historically NFS – just added the option of object storage
  Technically Swift, but Caringo, GlusterFS and others should work.
Managed by Secondary Storage VM – manages moving templates and snapshots from/to primary storage, aging snapshots out, etc.
![Page 20: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/20.jpg)
PRIMARY STORAGE
In the UI we support NFS, iSCSI, and CLVM.
We can also make use of local storage
  No HA, no live migration, etc.
Shared mountpoint
  Anything that all the hypervisors can mount and write to.
![Page 21: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/21.jpg)
RESOURCE DIVISION
We have some somewhat arbitrary divisions of resources within CloudStack
Zones
  • Pods
    – Clusters
![Page 22: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/22.jpg)
ZONE
In general practice this is used to designate a specific geographic location.
Shares secondary storage resource across the entire zone
Single network model for the entire zone
![Page 23: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/23.jpg)
POD
In general practice, this is used to refer to a rack of machines or a row of racks.
Shares guest network
![Page 24: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/24.jpg)
CLUSTER
This is typically a max of 8-15 machines per cluster and homogeneity is enforced:
  Same hypervisor (and same version of the hypervisor)
  Same CPUs
  Same networking (i.e. /dev/eth0 is connected to the same network across all machines)
Primary storage is cluster specific
![Page 25: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/25.jpg)
PLETHORA OF NETWORKS
Management Network: Where the hypervisors and management server communicate
Private Network: Default network for system VMs (virtual router, secondary storage VM, console proxy VM)
Public Network: The public (often internet-facing) network
Guest Network: The network that VMs are provisioned on.
Link-local network: The RFC 3927 network used for communication between hypervisor and system VMs.
![Page 26: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/26.jpg)
MANAGEMENT SERVER
UI/API pieces are stateless (state is stored in a MySQL database).
All UI functionality is an API call
![Page 27: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/27.jpg)
API
RESTful API interface
Unauthenticated API interface on 8096 (for localhost)
Authenticated API interface natively on port 8080
Responses in XML or JSON
http://demo4.cloudstack.org/client/api?apikey=ZRFLiXIkmAHqgRmZzdiXMfaROyK35P_dXxS517WSa9Tmy1Hg&command=deployVirtualMachine&serviceofferingid=1&templateid=291&zoneid=1&signature=eXW%2fxfqx%2fhu%2frMreFksVsp3cT4M%3d
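How the `signature` parameter in a request like the one above is produced and checked, as an added example that is not from the original slides. It assumes the signing scheme documented for the CloudStack API (key-sorted, lower-cased query string, HMAC-SHA1 with the account's secret key, Base64); the keys and the localhost URL are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlencode


def canonical_string(params):
    """Sort by lower-cased key, URL-encode values, lower-case the whole string."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs)
    return query.lower()


def sign(params, secret_key):
    """Base64 HMAC-SHA1 over the canonical string (any 'signature' key is excluded)."""
    unsigned = {k: v for k, v in params.items() if k.lower() != "signature"}
    message = canonical_string(unsigned).encode()
    mac = hmac.new(secret_key.encode(), message, hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_url(base_url, params, secret_key):
    """Request URL with the URL-encoded signature appended."""
    query = urlencode(params, quote_via=quote, safe="")
    return f"{base_url}?{query}&signature={quote(sign(params, secret_key), safe='')}"


def verify(params, secret_key):
    """Receiving side: recompute the signature and compare in constant time."""
    presented = params.get("signature")
    if not presented:
        return False  # an unsigned request must not pass the authenticated port
    expected = sign(params, secret_key)
    return hmac.compare_digest(presented.encode(), expected.encode())


# Constructed sample request and credentials (placeholders, not real keys).
SECRET_KEY = "EXAMPLE-SECRET-KEY"
REQUEST = {
    "command": "deployVirtualMachine",
    "serviceofferingid": "1",
    "templateid": "291",
    "zoneid": "1",
    "apikey": "EXAMPLE-API-KEY",
}

if __name__ == "__main__":
    print(signed_url("http://localhost:8080/client/api", REQUEST, SECRET_KEY))
```

Because the signature covers every parameter, changing `templateid` or any other field after signing makes `verify` fail. Requests to the unauthenticated port 8096 skip this check entirely, which is why that port is meant for localhost only.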
![Page 28: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/28.jpg)
UI
Go play with the UI
![Page 29: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/29.jpg)
QUESTIONS
ASK!
![Page 30: vBACD - Deploying Infrastructure-as-a-Service with CloudStack - 2/28](https://reader035.vdocument.in/reader035/viewer/2022062404/554cb6e2b4c905aa608b4f07/html5/thumbnails/30.jpg)
CONTACT
http://cloudstack.org
Docs: http://docs.cloudstack.org
IRC: #cloudstack on Freenode
Twitter/identi.ca: @cloudstack
Mailing Lists
  https://lists.sourceforge.net/mailman/listinfo/cloudstack-users
  https://lists.sourceforge.net/mailman/listinfo/cloudstack-devel
Forums