• Secure, multi-tenant cloud orchestration platform
– Turnkey solution for delivering IaaS clouds
– Hypervisor agnostic
– Scalable and secure
– Open source, open standards
– Deploys on premise or as a hosted solution
• Deliver cloud services faster and cheaper
Build your cloud the way the world’s most successful clouds are built
What is CloudStack
• 2009: Cloud.com, 100% proprietary
• 2010: Cloud.com, open core, GPL v3
• 2011: Citrix Systems, 100% open, GPL v3
• 2012: ASF, 100% open, Apache License 2
• 2013: Graduated from incubator to ASF TLP
History of Apache CloudStack
Private Clouds … Public Clouds
On-premise Enterprise Cloud
• Dedicated resources
• Security & total control
• Internal network
• Managed by Enterprise or 3rd party
Hosted Enterprise Cloud
• Dedicated resources
• Security
• SLA bound
• 3rd party owned and operated
Multi-tenant Public Cloud
• Mix of shared and dedicated resources
• Elastic scaling
• Pay as you go
• Public internet, VPN access
CloudStack Supports Multiple Cloud Strategies
[Diagram: admins and users of Org A and Org B, and an end-user admin, get on-demand access to Compute, Network and Storage]
CloudStack Provides On-demand Access
• Offer a scalable, flexible, manageable IaaS platform that follows established cloud computing paradigms
• IaaS
– Orchestrate physical and virtual resources to offer self-service infrastructure provisioning and monitoring
• Scalable
– 1 -> N hypervisors / VMs / virtual resources
– 1 -> N end users
• Flexible
– Handle new physical resource types (hypervisors, storage, networking)
– Add new APIs
– Add new services
– Add new network models
Problem Definition
• Manageable
– Hide complexity of underlying resources
– Rich functional end-user and admin UI
– Admin API to automate operations
– Easy install, upgrade for small -> large clouds
– Simple scaling, automated resilience
Problem Definition (contd.)
Select Compute Offering: CPU & RAM & Hypervisor
Select Operating System: Windows, Linux
Select Data Disk Offering: Volume Size & Storage Type
Select Network Offering: Network & Services
Launch VM
Create Custom Virtual Machines via Service Offerings
• Management Server Dashboard
– Running, Stopped and Total VMs
– Resource allocations (IPs and storage)
– Latest events and alerts
[Screenshots: Root Admin View and Domain Admin View of the dashboard, with Overview, Resource Provision and Users panels]
VM Status
• CPU Utilized
• Network Read
• Network Writes
Change Service Offering (e.g. from 2 CPUs, 1 GB RAM, 20 GB, 20 Mbps to 4 CPUs, 4 GB RAM, 200 GB, 100 Mbps)
VM Operations: Start, Stop, Reboot, Destroy
Console Access
Virtual Machine Management
Add / Delete Volumes
Create Templates from Volumes (Volume -> Template)
Schedule Snapshots: Hourly, Daily, Weekly, Monthly, Now
View Snapshot History (e.g. 2012/05/29 7.30 am … 2012/06/01 7.30 am)
Volume and Snapshot Management
• Create Networks and attach VMs
• Acquire public IP address for NAT & load balancing
• Control traffic to VM using ingress and egress firewall rules
• Set up rules to load balance traffic between VMs
Network & Network Services
Compute
• Hypervisor: XenServer, VMware, KVM, Bare metal
Storage
• Primary Storage and Secondary Storage
• Block & Object: Local Disk, iSCSI, NFS, Fiber Channel, Swift
Network
• Network & Network Services: Connection Type, Isolation, Load balancer, Firewall, VPN
Open Flexible Platform
[Diagram: Zone 1 containing Pod 1 … Pod N; each pod holds Cluster 1 … Cluster N of hosts (Host 1, Host 2) with Primary Storage, connected through an L2 access layer to the L3 core; Secondary Storage, the CloudStack Management Server and the Internet connection are shown at zone level]
Hypervisor (host) is the basic unit of scale.
A cluster consists of one or more hosts of the same hypervisor.
All hosts in a cluster have access to shared (primary) storage.
A pod is one or more clusters, usually with L2 switches.
An Availability Zone has one or more pods and has access to secondary storage.
One or more zones represent a cloud.
CloudStack Deployment Architecture
[Diagram: a Cloud spanning Data Center 1 (Zone 1), Data Center 2 (Zone 2, Zone 3) and Data Center 3 (Zone 4)]
CloudStack Cloud can have one or more Availability Zones (AZ).
Management Server Managing Multiple Zones
[Diagram: the same multi-zone cloud (Data Center 1: Zone 1; Data Center 2: Zone 2, Zone 3; Data Center 3: Zone 4), all managed by one Mgmt Server]
A single Management Server can manage multiple zones.
Zones can be geographically distributed, but low-latency links are expected for better performance.
A single MS node can manage up to 10K hosts.
Multiple MS nodes can be deployed as a cluster for scale or redundancy.
Management Server Managing Multiple Zones
[Diagram: Single-node Deployment, one MS with a MySQL DB replicated to a Back Up DB; Multi-node Deployment, several MS nodes behind a Load Balancer sharing one MySQL DB. In both, the MS serves the User API and Admin API and controls the Infrastructure Resources]
MS is stateless. MS can be deployed as a physical server or as a VM.
A single MS node can manage up to 10K hosts. Multiple nodes can be deployed for scale or redundancy.
Management Server Deployment Architecture
[Diagram: Pod 1 with Cluster 1 (Host 1, Host 2, Primary Storage) behind an L2 switch; the L3 switch connects the pod to Secondary Storage]
• Configured at Cluster-level. Close to hosts for better performance
• Stores all disk volumes for VMs in a cluster
• Cluster can have one or more primary storages
• Local disk, iSCSI, FC or NFS
Primary Storage
• Configured at Zone-level
• Stores all Templates, ISOs and Snapshots
• Zone can have one or more secondary storages
• NFS, OpenStack Swift
Secondary Storage
CloudStack Storage
• Hosts: Servers onto which services will be provisioned
• Primary Storage: VM storage
• Cluster: A grouping of hosts and their associated storage
• Pod: Collection of clusters
• Network: Within the same L2 switch
• Secondary Storage: Template, snapshot and ISO storage
• Zone: Collection of pods, network offerings and secondary storage
• Management Server Farm: Responsible for all management and provisioning tasks
[Diagram: a Zone holding Secondary Storage and a Network, and CloudStack Pods each holding a Cluster of Hosts running VMs with Primary Storage]
Core CloudStack Components
• Primary Storage
– Cluster level storage for VMs
– Connected directly to hosts
– NFS, iSCSI, FC and Local
• Secondary Storage
– Zone level storage for templates, ISOs and snapshots
– NFS or OpenStack Swift via CloudStack System VM
• Templates and ISOs
– Imported into CloudStack
– Can be private or public
[Diagram: a Zone with Secondary Storage holding a Template, and a Pod with a Cluster of two Hosts and Primary Storage]
Understanding the Role of Storage and Templates
1. User requests instance
2. Provision optional network services
3. Copy instance template from secondary storage to primary storage on the appropriate cluster
4. Create any requested data volumes on primary storage for the cluster
5. Create instance
6. Start instance
[Diagram: the Template is copied from the zone's Secondary Storage to the cluster's Primary Storage, and the VM starts on a Host of that cluster]
Provisioning Process
XenServer Resource Pool
• Integrates directly with XenServer Pool Master
• Snapshots at host level
• System VM control channel at host level
• Network management is host level
[Diagram: CloudStack Manager talks to the XenServer Pool Master Host, which coordinates the other XenServer Hosts in the pool]
Citrix XenServer
• Integrates with libvirt using Cloud Agent
• Snapshots at host level
• System VM control channel at host level
• Network management is host level
• CentOS 6.2 with KVM
• Only RHEL 6.2, not RHEV
[Diagram: CloudStack Manager talks to a Cloud Agent on each KVM Host; the agent drives libvirt locally]
RedHat Enterprise Linux (KVM)
• Integration through vCenter
• System VM control channel via CloudStack private network
• Snapshot and volume management via Secondary Storage VM
• Networking via vSphere vSwitch
[Diagram: CloudStack Manager talks to vCenter, which manages a Data Center of vSphere Clusters, each made up of vSphere Hosts]
VMware vSphere
[Diagram: Management Server reaching XenServer via XAPI, ESX via vCenter over HTTPS, and KVM via the Agent]
XenServer
• XS 5.6, 5.6FP1, 5.6 SP2, 6.0.2
• Incremental Snapshots
• VHD
• NFS, iSCSI, FC & Local disk
• Storage over-provisioning: NFS
VMware ESX
• ESX 4.1, 5.0 (coming)
• Full Snapshots
• VMDK
• NFS, iSCSI, FC & Local disk
• Storage over-provisioning: NFS, iSCSI
KVM
• RHEL 6.0, 6.1, 6.2 (coming)
• Full Snapshots (not live)
• QCOW2
• NFS, iSCSI & FC
• Storage over-provisioning: NFS
Management Server Interaction with Hypervisors
• Domain is a unit of isolation that represents a customer org, business unit or a reseller
• Domain can have arbitrary levels of sub-domains
• A Domain can have one or more accounts
• An Account represents one or more users and is the basic unit of isolation
• Admin can limit resources at the Account or Domain levels
[Diagram: the Cloud root (with its Admin) holds Domains for Org A and Reseller A, each with a domain Admin; under Reseller A a Sub-Domain for Org C with its own Admin holds Accounts Group A and Group B (User 1, User 2), each owning Resources such as VMs, IPs, Snapshots…]
Multi-tenancy & Account Management
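The limit model above, as an added example that is not CloudStack's own code: a constructed Python model of a domain tree with accounts, in which a resource request must fit the account's limit and the limit of every ancestor domain, and is charged to all of them when granted. The Scope class, the -1-means-unlimited convention and the sample tree (Cloud > Reseller A > Org C > Group A, Group B) are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed model, not CloudStack code. An Account and a Domain are both
# scopes that carry a resource limit and a running usage; an account's parent
# is its domain and a domain's parent is its parent domain (None at the root).
# A limit of -1 means "unlimited" (assumed, mirroring the CloudStack API value).

@dataclass
class Scope:
    name: str
    parent: Optional["Scope"] = None
    limits: Dict[str, int] = field(default_factory=dict)   # e.g. {"vm": 10}
    usage: Dict[str, int] = field(default_factory=dict)

    def fits(self, res: str, n: int) -> bool:
        limit = self.limits.get(res, -1)
        return limit < 0 or self.usage.get(res, 0) + n <= limit

def check_request(acct: Scope, res: str, n: int) -> Optional[str]:
    """None if the request is allowed, else the name of the scope that blocks it.
    The check starts at the account and walks every ancestor domain up to the root."""
    scope = acct
    while scope is not None:
        if not scope.fits(res, n):
            return scope.name
        scope = scope.parent
    return None

def allocate(acct: Scope, res: str, n: int) -> Optional[str]:
    """Charge the account and every ancestor domain if the request fits."""
    blocker = check_request(acct, res, n)
    if blocker is None:
        scope = acct
        while scope is not None:
            scope.usage[res] = scope.usage.get(res, 0) + n
            scope = scope.parent
    return blocker

def demo() -> list:
    # Constructed tree: Cloud > Reseller A (10 VMs) > Org C (8 VMs) > accounts Group A (5 VMs), Group B
    reseller = Scope("Reseller A", Scope("Cloud"), {"vm": 10})
    org_c = Scope("Org C", reseller, {"vm": 8})
    group_a = Scope("Group A", org_c, {"vm": 5})
    group_b = Scope("Group B", org_c)
    return [allocate(group_a, "vm", 5),   # None: 5 fits Group A, Org C and Reseller A
            allocate(group_a, "vm", 1),   # "Group A": the account's own cap is reached
            allocate(group_b, "vm", 4)]   # "Org C": 5 already used in the sub-domain + 4 > 8
```

The third call shows why a sub-domain limit matters: Group B has no limit of its own, yet it cannot exceed what Org C as a whole was granted.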
[Diagram: Users reach the Operations Admin and Cloud API through a Load Balancer in front of the CloudStack MS Cluster and MySQL; inside the Availability Zone a Router and L3 Core Switch feed Access Layer Switches serving the Servers of Pod 1, Pod 2, Pod 3 … Pod N and the Secondary Storage]
Physical Network
Network Traffic types:
Public Network: Public traffic is generated when VMs in the cloud access the internet, e.g. via the Virtual Router.
Guest Network: The tenant network to which instances are attached.
Storage Network: The physical network which connects the hypervisor to the storage.
Management Network: Control plane traffic between the CloudStack management server and hypervisor clusters.
CloudStack Network Traffic Type
CloudStack Network Mode
Basic Network
• AWS-style networking
• All VMs in one sub-net
• Account’s VM isolation by Security Group
• VR provides services: DHCP, DNS
• Each VM has only one NIC (Network)
Advanced Network
• Account’s VM isolation by VLAN
• VR can provide more services: NAT, Firewall, PF, LB, VPN
• Guest Network supports Isolated and Shared Network types
• Each VM can have more NICs (Networks)
CloudStack Advanced Network
[Diagram: Guest Network 1 (VLAN 101) and Guest Network 2 (VLAN 102) both use gateway 10.1.1.1 and VMs at 10.1.1.2, 10.1.1.3 and 10.1.1.4; the overlapping address space is kept apart by the VLANs. Each guest has its own Virtual Router (NAT, DHCP, Load Balancing, Port Forwarding, Firewall, VPN) that fronts the guest network with its own public IP address on the Public Network (65.37.141.11 for Guest 1, 65.37.141.24 for Guest 2) towards the Public Internet]
CloudStack Advanced Network Service
• Firewall
• Source NAT
• Static NAT
• Load Balancing
• Port Forwarding
• VPN
[Diagram: a CS Virtual Router with Public IP 65.37.141.111 on the Public Network / Internet provides DHCP, DNS, NAT, Firewall, LB, VPN and Port Forwarding to Web VMs 1-4 (10.1.1.2 to 10.1.1.5) on Virtual Network 10.1.1.0/24 (VLAN 100); the Web VMs have second NICs on Virtual Network 10.1.2.0/24 (VLAN 101), where App VM 1 (10.1.2.31) and App VM 2 (10.1.2.24) sit and in turn have second NICs on Virtual Network 10.1.3.0/24 (VLAN 102) next to DB VM 1 (10.1.3.24); each of the two back-end tiers has its own CS Virtual Router providing DHCP and DNS]
Advanced Network – Multi-tier Network
[Diagram: Web VMs 1-4 on Virtual Network 10.1.1.0/24 (VLAN 100), App VMs 1-2 on 10.1.2.0/24 (VLAN 101) and DB VM 1 on 10.1.3.0/24 (VLAN 102) all sit behind one CS Virtual Router / Loadbalancer with Private IP 10.1.1.1; the router connects to the Internet and, over an IPSec or SSL site-to-site VPN, to the Internal VLAN of an Other Data Center]
Virtual Router Services
• DNS
• LB
• Site-to-Site VPN
• Static Routes
• Network ACLs
• NAT, PF
• FW [ingress & egress]
Advanced Network – Virtual Private Network
[Diagram: a Zone-Level Layer 3 Switch above Pod 1, Pod 2 … Pod N; within a pod, a Pod-Level Layer-2 Switch and Private Network serve Computing Servers 1-4 grouped into Cluster 1 and Cluster 2, each cluster with its own Primary Storage on Scale-Out NFS]
• Primary Storage
– Block device to the VM
– IOPs intensive
– Accessible from host or cluster wide
• WORM Storage
– Secondary Storage or Object Store for templates, ISOs, and snapshot archiving
– High capacity
• CloudStack manages the storage between the two to achieve maximum benefit and resiliency
Storage
Type            XenServer    VMware       KVM
Local Disk      Supported    Supported    Supported
iSCSI           Supported    Supported    Not Supported
Fiber Channel   Supported    Supported    Not Supported
NFS             Supported    Supported    Supported
Primary Storage Support Matrix
• Supported via storage tags for primary storage
• Specify a tag when adding a storage pool
• Specify a tag when adding a disk offering
• Only storage pools with the tag will be allocated for the volume
Storage Tagging
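The tag matching just described, and the "appropriate cluster" choice in steps 3-4 of the Provisioning Process, as an added example that is not CloudStack's own allocator: a constructed Python model in which a volume may only land on a primary storage pool of the target cluster that carries every tag of its disk offering and has room for it. Pool names, tags, capacities and the most-free-space tie-break are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Set
# Constructed model, not CloudStack code. Primary storage is cluster-level, so a
# volume for a VM in a cluster may only land on a pool of that cluster; every tag
# of the disk offering must be present on the pool (an untagged offering may use
# any pool). Choosing the eligible pool with most free space is an assumption.

@dataclass
class StoragePool:
    name: str
    cluster: str
    tags: Set[str]
    free_gb: int

@dataclass
class DiskOffering:
    name: str
    size_gb: int
    tags: Set[str]

def eligible_pools(pools: List[StoragePool], cluster: str, offering: DiskOffering) -> List[StoragePool]:
    """Pools of the cluster that carry every offering tag and have room for the volume."""
    return [p for p in pools
            if p.cluster == cluster and offering.tags <= p.tags and p.free_gb >= offering.size_gb]

def allocate_volume(pools, cluster, offering) -> Optional[str]:
    """Place the volume on the eligible pool with most free space; None if no pool qualifies."""
    candidates = eligible_pools(pools, cluster, offering)
    if not candidates:
        return None
    chosen = max(candidates, key=lambda p: p.free_gb)
    chosen.free_gb -= offering.size_gb
    return chosen.name

def clusters_that_fit(pools, offerings: List[DiskOffering]) -> List[str]:
    """Clusters where every volume of the request (root + data disks) has an eligible pool."""
    names = sorted({p.cluster for p in pools})
    return [c for c in names if all(eligible_pools(pools, c, o) for o in offerings)]

def demo():
    pools = [StoragePool("nfs-bulk-c1", "cluster1", {"nfs"}, 500),          # constructed
             StoragePool("ssd-fast-c1", "cluster1", {"ssd", "fast"}, 100),
             StoragePool("ssd-c2", "cluster2", {"ssd"}, 300)]
    db_disk = DiskOffering("fast-db", 50, {"ssd", "fast"})
    bulk = DiskOffering("bulk", 200, set())
    fit = clusters_that_fit(pools, [bulk, db_disk])       # ["cluster1"]: cluster2 lacks "fast"
    placed = allocate_volume(pools, "cluster1", db_disk)   # "ssd-fast-c1", 50 GB left on it
    too_big = allocate_volume(pools, "cluster1", DiskOffering("fast-db-big", 80, {"ssd", "fast"}))  # None
    return fit, placed, too_big
```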
• Write Once Read Many storage pattern is supported by two different storage types
– Secondary Storage (NFS server within an availability zone)
– Object Store (Swift implementation for cross-zone)
• Objective for WORM storage
– High capacity, cheap storage
– Easy to increase capacity
• Used to store templates, ISOs, and snapshots
WORM Storage