Presentation was by David Nalley.
CloudStack is multi-tenant:
- Built around user abstraction (can’t see hypervisor/storage/etc)
- Networking separation – every account has at least one dedicated & isolated VLAN
- Hardware can be dedicated to users (for compliance, etc)
Networking:
- Broken down by how they are isolated, and whether the hardware is physical or virtual
- Offered Services: DHCP, VLAN allocation, Firewall, NAT/Port forwarding, Routing, VPN, Load Balancing
- Can also manage third-party network devices: F5 BIG-IP, NetScaler, Juniper SRX, Cisco Nexus, Nicira, Brocade load balancers
Security groups:
- Traditional isolation has been by VLANs, but that has issues:
- Hard limit of 4096 VLAN IDs (12-bit tag; 0 and 4095 are reserved, so ~4094 usable)
- Supporting hardware is expensive
- Security groups isolate at layer 3 instead (filtering rules enforced per VM at the hypervisor); up to 50K bridged devices can be managed
- Assumes a flat layer 2 network with no multicast; only hypervisors will sit on that layer 2 network
High Availability
- Means services stay up – not just bringing them back up
- CloudStack is not high availability by itself, but it's a tool to increase availability
Allocation algorithms
- How VMs, storage, etc are allocated
- First fit: First place that it comes across that it fits
- Fill first: fill up the resource before moving on
- Disperse: spread VMs out across resources (per zone)
- Create your own
- Resources can be tagged; something is only deployed to a tagged resource if it requests that tag
- OS preference – for socket licensing, etc
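The three allocators above, as an added example (not CloudStack's own planner code): a toy inventory of hosts with free capacity and host tags, with first-fit, fill-first and disperse planners run over the same stream of requests. Host names, capacities and the "pci" tag are constructed; the tag rule follows the note above (a tagged host only takes requests that ask for that tag), which is how hardware gets dedicated to one tenant for compliance.

```python
"""Toy model of CloudStack-style VM placement (added example, not CloudStack code).

Hosts carry free capacity and optional host tags; a request carries a size and
an optional tag. The planners mirror the strategies named in the talk.
Capacity units and all names are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    cluster: str
    capacity: int                              # total units (think GB of RAM); constructed
    tags: set = field(default_factory=set)
    vms: list = field(default_factory=list)    # (vm_name, size) placed on this host

    @property
    def free(self) -> int:
        return self.capacity - sum(size for _, size in self.vms)


def candidates(hosts, size, tag=None):
    """Hosts able to take the VM. Tagged (dedicated) hosts only serve requests
    that ask for that tag, as the note above describes."""
    out = []
    for h in hosts:
        if h.free < size:
            continue
        if tag is None and h.tags:
            continue                           # dedicated hardware stays reserved
        if tag is not None and tag not in h.tags:
            continue
        out.append(h)
    return out


def first_fit(hosts, size, tag=None):
    """First host in inventory order that fits."""
    fits = candidates(hosts, size, tag)
    return fits[0] if fits else None


def fill_first(hosts, size, tag=None):
    """Pack: the host with the least free space that still fits."""
    fits = candidates(hosts, size, tag)
    return min(fits, key=lambda h: h.free) if fits else None


def disperse(hosts, size, tag=None):
    """Spread: the host with the most free space."""
    fits = candidates(hosts, size, tag)
    return max(fits, key=lambda h: h.free) if fits else None


def deploy(hosts, planner, requests):
    """Place each (vm_name, size, tag) request in order; returns {vm: host name or None}."""
    placement = {}
    for vm, size, tag in requests:
        host = planner(hosts, size, tag)
        if host is not None:
            host.vms.append((vm, size))
        placement[vm] = host.name if host else None
    return placement


def sample_inventory():
    """Constructed inventory: two general hosts and one tagged for a compliance workload."""
    return [
        Host("h1", "c1", 16),
        Host("h2", "c1", 8),
        Host("h3", "c2", 32, tags={"pci"}),
    ]


if __name__ == "__main__":
    reqs = [("a", 4, None), ("b", 4, None), ("c", 4, None), ("d", 4, None)]
    for planner in (first_fit, fill_first, disperse):
        print(planner.__name__, deploy(sample_inventory(), planner, reqs))
    print("tagged", deploy(sample_inventory(), first_fit, [("p", 4, "pci"), ("big", 24, None)]))
```

Running it shows the difference in packing: first fit stacks everything on h1, fill first drains the small h2 before touching h1, and disperse alternates to keep free space even. The tagged h3 is never chosen for an untagged request even when it is the only host with room, which is the "dedicated hardware" behaviour; an untagged request that fits nowhere else simply fails rather than leaking onto the reserved host.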
Usage
- Not billing, but stats to bill against
Architecture
- Secondary storage: snapshots, templates for VMs
- Historically NFS – option of object storage (Swift, Caringo, GlusterFS)
- Managed by the secondary storage VM; always at least 1 per zone, can scale out
- Primary storage – NFS, iSCSI, and CLVM (NFS/iSCSI don't scale well)
- Shared mountpoint – anything all hypervisors can mount and write to
- If apps can be architected to be stateless, local disk can be used as primary storage: it's fast, it's local, etc.
Resource division
- Zones
- Specific geographic location, shares secondary storage resource, single network model
- Pods
- Rack or row of racks, shares guest network
- Clusters
- max of 8-15 machines, homogeneity (same hypervisor, same CPUs, same networking)
Networks
- Management network
- Private network
- Public network
- Guest network
Management server – stateless (state is in the DB); all UI functionality is an API call.
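Since every UI action is an API call, the security-group rule discussed earlier can be issued exactly as a client would issue it. This added example (not CloudStack's client code or anything from the presentation) builds and verifies a signed authorizeSecurityGroupIngress request following CloudStack's documented signing scheme: sort parameters by name, URL-encode values with spaces as %20, lowercase the whole string, HMAC-SHA1 with the secret key, base64, and append the URL-encoded result as the signature. The API/secret keys, the group name "web" and the 10.0.0.0/8 source CIDR are constructed; the command name and its parameters securitygroupname, protocol, startport, endport and cidrlist are the real API names.

```python
"""Signed CloudStack API request for a security-group ingress rule.

Added example, not CloudStack's client code. Signing follows CloudStack's
documented scheme: sort parameters by name, URL-encode values (spaces as %20),
lowercase the whole string, HMAC-SHA1 with the secret key, base64, and append
the URL-encoded result as 'signature'. Keys and rule values are constructed.
"""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote_plus

API_KEY = "ExampleApiKey_0123"         # constructed; a real key comes from the CloudStack user
SECRET_KEY = "ExampleSecretKey_4567"   # constructed


def _encode(value) -> str:
    """URL-encode a value the way the management server does (spaces as %20, '/' as %2F)."""
    return quote_plus(str(value), safe="*").replace("+", "%20")


def string_to_sign(params: dict) -> str:
    """Canonical string: name=encoded(value) pairs sorted by name (case-insensitive), lowercased."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={_encode(v)}" for k, v in pairs).lower()


def sign(params: dict, secret: str) -> str:
    """Base64 HMAC-SHA1 over the canonical string (URL-encoding happens when it joins the query)."""
    mac = hmac.new(secret.encode(), string_to_sign(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_query(command: str, api_key: str, secret: str, **kwargs) -> str:
    """Query string a client sends: original-case parameters plus the signature."""
    params = {"command": command, "apikey": api_key, "response": "json", **kwargs}
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={_encode(v)}" for k, v in pairs)
    return f"{query}&signature={_encode(sign(params, secret))}"


def verify_query(query: str, secret: str) -> bool:
    """Server-side check: recompute the signature over every parameter except 'signature'.
    Any change to a parameter after signing (e.g. widening cidrlist) fails this check."""
    parsed = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    presented = parsed.pop("signature", None)
    if presented is None:
        return False
    return hmac.compare_digest(presented, sign(parsed, secret))


def allow_ssh_from_management(api_key: str = API_KEY, secret: str = SECRET_KEY) -> str:
    """Ingress rule for security group 'web': TCP/22 from a constructed management CIDR.
    Security groups deny ingress by default, so nothing reaches the VM until a rule is authorized."""
    return signed_query(
        "authorizeSecurityGroupIngress", api_key, secret,
        securitygroupname="web", protocol="TCP",
        startport=22, endport=22, cidrlist="10.0.0.0/8",
    )


if __name__ == "__main__":
    q = allow_ssh_from_management()
    print(q)
    print("valid:", verify_query(q, SECRET_KEY))
```

verify_query stands in for what the management server does on receipt: it recomputes the HMAC from the presented parameters, so an intermediary that rewrites cidrlist to 0.0.0.0/0 produces a request the server rejects. The comparison uses hmac.compare_digest rather than == so that the check is not timing-dependent on how many leading characters of a forged signature happen to match.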
The last part was a diagram of the environment. Pretty cool.