Citrix Systems 4.2 manual


Manual index

  • Page 1

    CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide Revised October 27, 2013 10:50 pm Pacific Citrix CloudPlatform[...]

  • Page 2

    CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide Revised October 27, 2013 10:50 pm Pacific Author Citrix CloudPlatform © 2013 Citrix Systems, Inc. All rights reserved. Specifications are subject to change without notice. Citrix Sy[...]

  • Page 3

    iii 1. Getting More Information and Help 1 1.1. Additional Documentation Available ... 1 1.2. Citrix Knowledge Center ... 1 1.3. Contacting [...]

  • Page 4

    CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide iv 7. Using Projects to Organize Users and Resources 35 7.1. Overview of Projects ... 35 7.2. Configuring Projects ...[...]

  • Page 5

    v 10.4.1. Individual ... 74 10.4.2. Support Matrix for an Isolated Network (Combination) ... 75 10.4.3. Support Matrix for Shared Network (Combination) ...[...]

  • Page 6

    CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide vi 12.7. Using Cisco UCS as Bare Metal Host CloudPlatform ... 105 12.7.1. Registering a UCS Manager ...[...]

  • Page 7

    vii 14.4.8. Volume Deletion and Garbage Collection ... 138 14.5. Working with Snapshots ... 138 14.5.1. Automatic Snapshot Creation and Retention ...[...]

  • Page 8

    CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide viii 16.15.2. Limitations ... 178 16.15.3. Best Practices ... 178 [...]

  • Page 9

    ix 17. Working with System Virtual Machines 229 17.1. The System VM Template ... 229 17.2. Multiple System VM Support for VMware ... 229 17.3. Console Proxy ...[...]

  • Page 10

    CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide x 22.3. Log Collection Utility cloud-bugtool ... 255 22.3.1. Using cloud-bugtool ... 2[...]

  • Page 11

    Chapter 1. 1 Getting More Information and Help 1.1. Additional Documentation Available The following guides are available: • Installation Guide — Covers initial installation of CloudPlatform. It aims to cover in full detail all the steps and requirements to obtain a functioning cloud deployment. At times, this guide mentions additional topics i[...]

  • Page 12

    2[...]

  • Page 13

    Chapter 2. 3 Concepts 2.1. What Is CloudPlatform? CloudPlatform is a software platform that pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds. CloudPlatform manages the network, storage, and compute nodes that make up a cloud infrastructure. Use CloudPlatform to deploy, manage, and configure cl[...]

  • Page 14

    Chapter 2. Concepts 4 Massively Scalable Infrastructure Management CloudPlatform can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers. No single component failure can cause cloud-[...]

  • Page 15

    Management Server Overview 5 A more full-featured installation consists of a highly-available multi-node Management Server installation and up to thousands of hosts using any of several advanced networking setups. For information about deployment options, see Choosing a Deployment Architecture in the Installation Guide. 2.3.1. Management Server Ove[...]

  • Page 16

    Chapter 2. Concepts 6 • Zone: Typically, a zone is equivalent to a single datacenter. A zone consists of one or more pods and secondary storage. • Pod: A pod is usually one rack of hardware that includes a layer-2 switch and one or more clusters. • Cluster: A cluster consists of one or more hosts and primary storage. • Host: A single comput[...]

  • Page 17

    Networking Overview 7 • Basic. Provides a single network where guest isolation can be provided through layer-3 means such as security groups (IP address source filtering). • Advanced. For more sophisticated network topologies. This network model provides the most flexibility in defining guest networks and providing guest isolation. For more det[...]

  • Page 18

    8[...]

  • Page 19

    Chapter 3. 9 Cloud Infrastructure Concepts 3.1. About Regions To increase reliability of the cloud, you can optionally group resources into multiple geographic regions. A region is the largest available organizational unit within a CloudPlatform deployment. A region is made up of several availability zones, where each zone is equivalent to a datace[...]

  • Page 20

    Chapter 3. Cloud Infrastructure Concepts 10 The benefit of organizing infrastructure into zones is to provide physical isolation and redundancy. For example, each zone can have its own power supply and network uplink, and the zones can be widely separated geographically (though this is not required). A zone consists of: • One or more pods. Each p[...]

  • Page 21

    About Pods 11 For each zone, the administrator must decide the following. • How many pods to place in a zone. • How many clusters to place in each pod. • How many hosts to place in each cluster. • (Optional) If zone-wide primary storage is being used, decide how many primary storage servers to place in each zone and total capacity for these[...]

  • Page 22

    Chapter 3. Cloud Infrastructure Concepts 12 3.4. About Clusters A cluster provides a way to group hosts. To be precise, a cluster is a XenServer server pool, a set of KVM servers, a set of OVM hosts, or a VMware cluster preconfigured in vCenter. The hosts in a cluster all have identical hardware, run the same hypervisor, are on the same subnet, and[...]

  • Page 23

    About Hosts 13 server with CloudPlatform. There may be multiple vCenter servers per zone. Each vCenter server may manage multiple VMware clusters. 3.5. About Hosts A host is a single computer. Hosts provide the computing resources that run guest virtual machines. Each host has hypervisor software installed on it to manage the guest VMs. For example[...]

  • Page 24

    Chapter 3. Cloud Infrastructure Concepts 14 • Dell EqualLogic™ for iSCSI • Network Appliances filers for NFS and iSCSI • Scale Computing for NFS If you intend to use only local disk for your installation, you can skip adding separate primary storage. 3.7. About Secondary Storage Secondary storage stores the following: • Templates — OS i[...]

  • Page 25

    Basic Zone Network Traffic Types 15 type for each network vary depending on whether you are creating a zone with basic networking or advanced networking. A physical network is the actual network hardware and wiring in a zone. A zone can have multiple physical networks. An administrator can: • Add/Remove/Update physical networks in a zone • Conf[...]

  • Page 26

    Chapter 3. Cloud Infrastructure Concepts 16 you must also configure a network to carry public traffic. CloudPlatform takes care of presenting the necessary network configuration steps to you in the UI when you add a new zone. 3.8.2. Basic Zone Guest IP Addresses When basic networking is used, CloudPlatform will assign IP addresses in the CIDR of th[...]

  • Page 27

    Advanced Zone Public IP Addresses 17 3.8.5. Advanced Zone Public IP Addresses When advanced networking is used, the administrator can create additional networks for use by the guests. These networks can span the zone and be available to all accounts, or they can be scoped to a single account, in which case only the named account may create guests t[...]

  • Page 28

    18[...]

  • Page 29

    Chapter 4. 19 Accounts 4.1. Accounts, Users, and Domains Accounts An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account. Domains Accounts are grouped by domains. Domains usually contain multiple accounts that have some logical relationship to each other and[...]

  • Page 30

    Chapter 4. Accounts 20 4.1.1. Dedicating Resources to Accounts and Domains The root administrator can dedicate resources to a specific domain or account that needs private infrastructure for additional security or performance guarantees. A zone, pod, cluster, or host can be reserved by the root administrator for a specific domain or account. Only u[...]

  • Page 31

    Using an LDAP Server for User Authentication 21 If you delete an account or domain, any hosts, clusters, pods, and zones that were dedicated to it are freed up. They will now be available to be shared by any account or domain, or the administrator may choose to re-dedicate them to a different account or domain. System VMs and virtual routers affect[...]

  • Page 32

    Chapter 4. Accounts 22 5. Specify the following: • Bind DN : The full distinguished name (DN), including common name (CN), of an LDAP user account that has the necessary privileges to search users. For example: cn=admin,cn=users,dc=mycom,dc=com This user account must have at least domain user privileges. • Bind Password : The password used in a[...]

  • Page 33

    Example LDAP Configuration Commands 23 6. Click OK. 4.2.1.2. Removing an LDAP Configuration 1. Log in to the CloudPlatform. 2. From the left navigational bar, click Global Settings. 3. From the Select view drop down, select LDAP Configuration. 4. In the Quick View, click Remove LDAP. Alternatively, you can click Remove LDAP in the LDAP Configuratio[...]

  • Page 34

    Chapter 4. Accounts 24 depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation. The following table shows some examples of search bases to find users in the testing department. LDAP Server Example Search Base DN ApacheDS ou=testing,o=project Active Directory OU=testing, DC=co[...]

  • Page 35

    Search User Bind DN 25 (&(sAMAccountName=%u) or (&(mail=%e)) 4.2.5. Search User Bind DN The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudPlatform user with an LDAP bind. A full discu[...]

  • Page 36

    26[...]

  • Page 37

    Chapter 5. 27 User Services Overview In addition to the physical and logical infrastructure of your cloud, and the CloudPlatform software and servers, you also need a layer of user services so that people can actually make use of the cloud. This means not just a user UI, but a set of options and resources that users can choose from, such as templat[...]

  • Page 38

    28[...]

  • Page 39

    Chapter 6. 29 User Interface 6.1. Supported Browsers The CloudPlatform web-based UI is available in the following popular browsers: • Mozilla Firefox 22 or greater • Apple Safari, all versions packaged with Mac OS X 10.5 (Leopard) or greater • Google Chrome, all versions starting from the year 2012 • Microsoft Internet Explorer 9 or greater[...]

  • Page 40

    Chapter 6. User Interface 30 6.2.2. Root Administrator's UI Overview The CloudPlatform UI helps the CloudPlatform administrator provision, view, and manage the cloud infrastructure, domains, user accounts, projects, and configuration settings. The first time you start the UI after a fresh Management Server installation, you can choose to follo[...]

  • Page 41

    Changing the Root Password 31 Warning You are logging in as the root administrator. This account manages the CloudPlatform deployment, including physical infrastructure. The root administrator can modify configuration settings to change basic functionality, create or delete user accounts, and take many actions that should be performed only by an au[...]

  • Page 42

    Chapter 6. User Interface 32 For more information on creating a new instance, see Section 11.4, “Creating VMs” . 2. Download the script file cloud-set-guest-sshkey from the following link: http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-sshkey.in 3. Copy the file to /etc/init.d. 4. Give the necessary permissions on the script: ch[...]

  • Page 43

    Creating an Instance 33 2. Copy the key data into a file. The file looks like this: -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci dXYBeZVwakDVsU2MLGl/K+wefwefwefwefwefJyKJaogMKn7BperPD6n1wIDAQAB AoGAdXaJ7uyZKeRDoy6wA0UmF0kSPbMZCR+UTIHNkS/E0/4U+6lhMokmFSHtu mfDZ1kGGDYhMsdytjDBztljawfawfeawefawfawfaw[...]

  • Page 44

    34[...]

  • Page 45

    Chapter 7. 35 Using Projects to Organize Users and Resources 7.1. Overview of Projects Projects are used to organize people and resources. CloudPlatform users within a single domain can group themselves into project teams so they can collaborate and share virtual resources such as VMs, snapshots, templates, data disks, and IP addresses. CloudPlatfo[...]

  • Page 46

    Chapter 7. Using Projects to Organize Users and Resources 36 1. Log in as administrator to the CloudPlatform UI. 2. In the left navigation, click Global Settings. 3. In the search box, type project and click the search button. 4. In the search results, you can see a few other parameters you need to set to control how invitations behave. The table b[...]

  • Page 47

    Creating a New Project 37 3. In the search box, type allow.user.create.projects. 4. Click the edit button to set the parameter. allow.user.create.projects Set to true to allow end users to create projects. Set to false if you want only the CloudPlatform root administrator and domain administrators to create projects. 5. Restart the Management Serve[...]

  • Page 48

    Chapter 7. Using Projects to Organize Users and Resources 38 5. Click the Invitations tab. 6. In Add by, select one of the following: a. Account – The invitation will appear in the user’s Invitations tab in the Project View. See Using the Project View. b. Email – The invitation will be sent to the user’s email address. Each emailed invitati[...]

  • Page 49

    Suspending or Deleting a Project 39 7.6. Suspending or Deleting a Project When a project is suspended, it retains the resources it owns, but they can no longer be used. No new resources or members can be added to a suspended project. When a project is deleted, its resources are destroyed, and member accounts are removed from the project. The projec[...]

  • Page 50

    40[...]

  • Page 51

    Chapter 8. 41 Steps to Provisioning Your Cloud Infrastructure This section tells how to add regions, zones, pods, clusters, hosts, storage, and networks to your cloud. If you are unfamiliar with these entities, please begin by looking through Chapter 3, Cloud Infrastructure Concepts . 8.1. Overview of Provisioning Steps After the Management Server [...]

  • Page 52

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 42 8.2. Adding Regions (optional) Grouping your cloud resources into geographic regions is an optional step when provisioning the cloud. For an overview of regions, see Section 3.1, “About Regions” . 8.2.1. The First Region: The Default Region If you do not take action to define regions[...]

  • Page 53

    Adding Third and Subsequent Regions 43 3. Now add the new region to region 1 in CloudPlatform. a. Log in to CloudPlatform in the first region as root administrator (that is, log in to <region.1.IP.address>:8080/client). b. In the left navigation bar, click Regions. c. Click Add Region. In the dialog, fill in the following fields: • ID. A un[...]

  • Page 54

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 44 2. Once the Management Server is running, add your new region to all existing regions by repeatedly using the Add Region button in the UI. For example, if you were adding region 3: a. Log in to CloudPlatform in the first region as root administrator (that is, log in to <region.1.IP.ad[...]

  • Page 55

    Adding a Zone 45 2. In the left navigation bar, click Regions. 3. Click the name of the region you want to delete. 4. Click the Remove Region button. 5. Repeat these steps for <region.2.IP.address>:8080/client. 8.3. Adding a Zone Adding a zone consists of three phases: • Create a mount point for secondary storage on the Management Server. ?[...]

  • Page 56

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 46 This process will require approximately 5 GB of free space on the local file system and up to 30 minutes each time it runs. • For XenServer: # /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m / mnt/secondary -u http://download.cloud.com/templates/4.2/sy[...]

  • Page 57

    Steps to Add a New Zone 47 For more information about the network types, see Network Setup. 7. The rest of the steps differ depending on whether you chose Basic or Advanced. Continue with the steps that apply to you: • Section 8.3.3.1, “Basic Zone Configuration” • Section 8.3.3.2, “Advanced Zone Configuration” 8.3.3.1. Basic Zone Config[...]

  • Page 58

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 48 The traffic types are management, public, guest, and storage traffic. For more information about the types, roll over the icons to display their tool tips, or see Basic Zone Network Traffic Types. This screen starts out with some traffic types already assigned. To add more, drag and drop[...]

  • Page 59

    Steps to Add a New Zone 49 • Pod Name. A name for the pod. • Reserved system gateway. The gateway for the hosts in that pod. • Reserved system netmask. The network prefix that defines the pod's subnet. Use CIDR notation. • Start/End Reserved System IP. The IP range in the management network that CloudPlatform uses to manage various sys[...]

  • Page 60

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 50 • KVM vSphere Installation and Configuration • Oracle VM (OVM) Installation and Configuration To configure the first host, enter the following, then click Next: • Host Name. The DNS name or IP address of the host. • Username. The username is root. • Password. This is the passwo[...]

  • Page 61

    Steps to Add a New Zone 51 • Public. A public zone is available to all users. A zone that is not public will be assigned to a particular domain. Only users in that domain will be allowed to create guest VMs in this zone. 2. Choose which traffic types will be carried by the physical network. The traffic types are management, public, guest, and sto[...]

  • Page 62

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 52 4. Click Next. 5. Configure the IP range for public Internet traffic. Enter the following details, then click Add. If desired, you can repeat this step to add more public Internet IP ranges. When done, click Next. • Gateway. The gateway in use for these IP addresses. • Netmask. The n[...]

  • Page 63

    Steps to Add a New Zone 53 • Start/End Reserved System IP. The IP range in the management network that CloudPlatform uses to manage various system VMs, such as Secondary Storage VMs, Console Proxy VMs, and DHCP. For more information, see Section 3.8.6, “System Reserved IP Addresses” . 7. Specify a range of VLAN IDs to carry guest traffic for [...]

  • Page 64

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 54 more information, see HA-Enabled Virtual Machines as well as HA for Hosts, both in the Administration Guide. 10. In a new cluster, CloudPlatform adds the first primary storage server for you. You can always add more servers later. For an overview of what primary storage is, see Section 3[...]

  • Page 65

    Adding a Pod 55 SharedMountPoint • Path. The path on each host that is where this primary storage is mounted. For example, "/mnt/primary". • Tags (optional). The comma-separated list of tags for this storage device. It should be an equivalent set or superset of the tags on your disk offerings. The tag sets on primary storage across cl[...]

  • Page 66

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 56 5. Enter the following details in the dialog. • Name. The name of the pod. • Gateway. The gateway for the hosts in that pod. • Netmask. The network prefix that defines the pod's subnet. Use CIDR notation. • Start/End Reserved System IP. The IP range in the management network[...]

  • Page 67

    Add Cluster: vSphere 57 3. Click the Compute tab. In the Pods node, click View All. Select the same pod you used in step 1. 4. Click View Clusters, then click Add Cluster. The Add Cluster dialog is displayed. 5. In Hypervisor, choose OVM. 6. In Cluster, enter a name for the cluster. 7. Click Add. 8.5.3. Add Cluster: vSphere Host management for vSph[...]

  • Page 68

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 58 2. Log in to the UI. 3. In the left navigation, choose Infrastructure. In Zones, click View More, then click the zone in which you want to add the cluster. 4. Click the Compute tab, and click View All on Pods. Choose the pod to which you want to add the cluster. 5. Click View Clusters. 6[...]

  • Page 69

    Add Cluster: vSphere 59 If you have enabled Nexus dvSwitch in the environment, the following parameters for dvSwitch configuration are displayed: • Nexus dvSwitch IP Address: The IP address of the Nexus VSM appliance. • Nexus dvSwitch Username: The username required to access the Nexus VSM appliance. • Nexus dvSwitch Password: The password a[...]

  • Page 70

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 60 8.6. Adding a Host 1. Before adding a host to the CloudPlatform configuration, you must first install your chosen hypervisor on the host. CloudPlatform can manage hosts running VMs under a variety of hypervisors. The CloudPlatform Installation Guide provides instructions on how to instal[...]

  • Page 71

    Adding a Host (XenServer, KVM, or OVM) 61 For all additional hosts to be added to the cluster, run the following command. This will cause the host to join the master in a XenServer pool. # xe pool-join master-address=[master IP] master-username=root master-password=[your password] Note When copying and pasting a command, be sure the command has pas[...]

  • Page 72

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 62 7. Click Add Host. 8. Provide the following information. • Host Name. The DNS name or IP address of the host. • Username. Usually root. • Password. This is the password for the user named above (from your XenServer, KVM, or OVM install). • Host Tags (Optional). Any labels that yo[...]

  • Page 73

    Adding Secondary Storage 63 • Pod. (Visible only if you choose Cluster in the Scope field.) The pod for the storage device. • Cluster. (Visible only if you choose Cluster in the Scope field.) The cluster for the storage device. • Name. The name of the storage device • Protocol. For XenServer, choose either NFS, iSCSI, or PreSetup. For KVM, [...]

  • Page 74

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 64 3. Log in to the CloudPlatform UI as root administrator. 4. In the left navigation bar, click Infrastructure. 5. In Secondary Storage, click View All. 6. Click Add Secondary Storage. 7. Fill in the following fields: • Name. Give the storage a descriptive name. • Provider. Choose the [...]

  • Page 75

    Initialize and Test 65 5. In Secondary Storage, click View All. 6. In Select View, choose Secondary Staging Store. 7. Click the Add NFS Secondary Staging Store button. 8. Fill out the dialog box fields, then click OK: • Zone. The zone where the NFS Secondary Staging Store is to be located. • NFS server. The name of the zone's Secondary Sta[...]

  • Page 76

    Chapter 8. Steps to Provisioning Your Cloud Infrastructure 66 If you decide to grow your deployment, you can add more hosts, primary storage, zones, pods, and clusters.[...]

  • Page 77

    Chapter 9. 67 Service Offerings In this chapter we discuss compute, disk, and system service offerings. Network offerings are discussed in the section on setting up networking for users. 9.1. Compute and Disk Service Offerings A service offering is a set of virtual hardware features such as CPU core count and speed, memory, and disk size. The Cloud[...]

  • Page 78

    Chapter 9. Service Offerings 68 • Storage type : The type of disk that should be allocated. Local allocates from storage attached directly to the host where the system VM is running. Shared allocates from storage accessible via NFS. • # of CPU cores : The number of cores which should be allocated to a system VM with this offering • CPU (in MH[...]

  • Page 79

    Modifying or Deleting a Service Offering 69 • Disk Size. Appears only if Custom Disk Size is not selected. Define the volume size in GB. • QoS Type. Three options: Empty (no Quality of Service), hypervisor (rate limiting enforced on the hypervisor side), and storage (guaranteed minimum and maximum IOPS enforced on the storage side). If using Qo[...]

  • Page 80

    Chapter 9. Service Offerings 70 5. In the dialog, make the following choices: • Name. Any desired name for the system offering. • Description. A short description of the offering that can be displayed to users • System VM Type. Select the type of system virtual machine that this offering is intended to support. • Storage type. The type of d[...]

  • Página 81

    Changing the Secondary Storage VM Service Offering on a Guest Network 71 6. Click the Change Service button. 7. Select the offering you want. The Change service dialog box is displayed. 8. Click OK. 9. If you stopped any VMs, restart them.[...]

  • Página 82

    72[...]

  • Página 83

    Chapter 10. 73 Setting Up Networking for Users 10.1. Overview of Setting Up Networking for Users People using cloud infrastructure have a variety of needs and preferences when it comes to the networking services provided by the cloud. As a CloudPlatform administrator, you can do the following things to set up networking for your users: • Set up p[...]

  • Página 84

    Chapter 10. Setting Up Networking for Users 74 • Source NAT per zone is not supported when the service provider is virtual router. However, Source NAT per account is supported with virtual router in a Shared Network. For information, see Section 16.5.3, “Configuring a Shared Guest Network” . 10.2.3. Runtime Allocation of Virtual Network Resou[...]

  • Page 85

    Support Matrix for an Isolated Network (Combination) 75

                      Virtual Router  VPC Virtual Router  BigIP F5  Juniper SRX  Citrix NetScaler
    Port Forwarding   Y               Y                   N         Y            N
    Load Balancing    Y               Y                   Y         N            Y
    Remote VPN        Y               N                   N         Y            N
    Network ACL       N               Y                   N         N            N
    Usage Monitoring  Y               Y                   Y         Y            Y
    Security Group    N               N                   N         N            N
    Firewall          Y               N                   N         Y            N

    10.4.2. Support Matrix for an Isolated Network (Combination) Y =[...]

  • Page 86

    Chapter 10. Setting Up Networking for Users 76 NW Devices DHCP DNS User Data Source NAT Static NAT Port Forwarding Load Balancing Remote VPN Network ACL Usage Monitoring Security Group Firewall by Side LB - No SRX and F5 Inline VR VR VR SRX SRX SRX F5 SRX SRX Y N Static NAT / PF - Yes LB - Yes 10.4.3. Support Matrix for Shared Network (Combination)[...]

  • Page 87

    Support Matrix for Basic Zone 77 10.4.4. Support Matrix for Basic Zone Y = Supported N = Not Supported NW Devices DHCP DNS User Data Source NAT Static NAT Port Forwarding Load Balancing Remote VPN Network ACL Usage Monitoring Security Group Firewall Virtual Router VR VR VR N N N N N N Y Y N VR and NetScaler (EIP/ ELB) VR VR VR N NetScaler N NetScal[...]

  • Page 88

    Chapter 10. Setting Up Networking for Users 78 a web server farm and require a scalable firewall solution, load balancing solution, and alternate networks for accessing the database backend. Note If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later chan[...]

  • Page 89

    Creating a New Network Offering 79 • Supported Services . Select one or more of the possible network services. For some services, you must also choose the service provider; for example, if you select Load Balancer, you can choose the CloudPlatform virtual router or any other load balancers that have been configured in the cloud. Depending on whic[...]

  • Page 90

    Chapter 10. Setting Up Networking for Users 80 Supported Services Description Isolated Shared been configured in the cloud. VPN For more information, see Section 16.24, “Remote Access VPN” . Supported Supported User Data For more information, see Section 20.3, “User Data and Meta Data” . Not Supported Supported Network ACL For more informat[...]

  • Page 91

    Changing the Network Offering on a Guest Network 81 Side by Side : In side by side mode, a firewall device is deployed in parallel with the load balancer device. So the traffic to the load balancer public IP is not routed through the firewall, and therefore, is exposed to the public network. • Associate Public IP : Select this option if you want [...]

  • Page 92

    Chapter 10. Setting Up Networking for Users 82 2. If you are changing from a network offering that uses the CloudPlatform virtual router to one that uses external devices as network service providers, you must first stop all the VMs on the network. See Section 11.7, “Stopping and Starting VMs” . 3. In the left navigation, choose Network. 4. Cli[...]

  • Page 93

    Creating and Changing a Virtual Router Network Offering 83 • System Offering . Choose the system service offering that you want virtual routers to use in this network. In this case, the default “System Offering For Software Router” and the custom “VRsystemofferingHA” are available and displayed. 6. Click OK and the network offering is cre[...]

  • Page 95

    Chapter 11. 85 Working With Virtual Machines 11.1. About Working with Virtual Machines CloudPlatform provides administrators with complete control over the life cycle of all guest VMs executing in the cloud. CloudPlatform provides several guest management operations for end users and administrators. VMs may be stopped, started, rebooted, and destro[...]

  • Page 96

    Chapter 11. Working With Virtual Machines 86 11.2.1. Monitor VMs for Max Capacity The CloudPlatform administrator should monitor the total number of VM instances in each cluster, and disable allocation to the cluster if the total is approaching the maximum that the hypervisor can handle. Be sure to leave a safety margin to allow for the possibility[...]

  • Page 97

    Creating VMs 87 Once a virtual machine is destroyed, it cannot be recovered. All the resources used by the virtual machine will be reclaimed by the system. This includes the virtual machine’s IP address. A stop will attempt to gracefully shut down the operating system, which typically involves terminating all the running applications. If the oper[...]

  • Page 98

    Chapter 11. Working With Virtual Machines 88 2. In the left navigation bar, click Instances. 3. Click Add Instance. 4. Select a zone. 5. Select a template, then follow the steps in the wizard. For more information about how the templates came to be in this list, see Chapter 13, Working with Templates . 6. Be sure that the hardware you have allows s[...]

  • Page 99

    Accessing VMs 89 virtual machine. A linked clone is also a copy of an existing virtual machine, but it has ongoing dependency on the original. A linked clone shares the virtual disk of the original VM, and retains access to all files that were present at the time the clone was created. The use of these different clone types involves some side effec[...]

  • Page 100

    Chapter 11. Working With Virtual Machines 90 The default format of the internal name is i-<user_id>-<vm_id>-<instance.name>, where instance.name is a global parameter. When vm.instancename.flag is set to true, if a display name is provided during the creation of a guest VM, the display name is appended to the internal name of the [...]

  • Page 101

    Affinity Groups 91 • Host tags. The administrator can assign tags to hosts. These tags can be used to specify which host a VM should use. The CloudPlatform administrator decides whether to define host tags, then create a service offering using those tags and offer it to the user. • Affinity groups. By defining affinity groups and assigning VMs [...]

  • Page 102

    Chapter 11. Working With Virtual Machines 92 5. Click the Change Affinity button. View Members of an Affinity Group To see which VMs are currently assigned to a particular affinity group: 1. In the left navigation bar, click Affinity Groups. 2. Click the name of the group you are interested in. 3. Click View Instances. The members of the group are [...]

  • Page 103

    Limitations on VM Snapshots 93 11.9.1. Limitations on VM Snapshots • If a VM has some stored snapshots, you can't attach a new volume to the VM or delete any existing volumes. If you change the volumes on the VM, it would become impossible to restore the VM snapshot which was created with the previous volume structure. If you want to attach a [...]

  • Page 104

    Chapter 11. Working With Virtual Machines 94 Note If a snapshot is already in progress, then clicking this button will have no effect. 5. Provide a name and description. These will be displayed in the VM Snapshots list. 6. (For running VMs only) If you want to include the VM's memory in the snapshot, click the Memory checkbox. This saves the C[...]

  • Page 105

    Changing the Service Offering for a VM 95 6. Make the desired changes to the following: • Display name : Enter a new display name if you want to change the name of the VM. • OS Type : Select the desired operating system. • Group : Enter the group name for the VM. 7. Click Apply. 11.11. Changing the Service Offering for a VM To upgrade or down[...]

  • Page 106

    Chapter 11. Working With Virtual Machines 96 with previous versions will not have the dynamic scaling capability unless you update them using the following procedure. 11.11.2. Updating Existing VMs If you are upgrading from a previous version of CloudPlatform, and you want your existing VMs created with previous versions to have the dynamic scaling[...]

  • Page 107

    Resetting the Virtual Machine Root Volume on Reboot 97 • When scaling memory or CPU for a Linux VM on VMware, you might need to run scripts in addition to the other steps mentioned above. For more information, see Hot adding memory in Linux (1012764) 2 in the VMware Knowledge Base. • (VMware) If resources are not available on the current host, [...]

  • Page 108

    Chapter 11. Working With Virtual Machines 98 Note If the VM's storage has to be migrated along with the VM, this will be noted in the host list. CloudPlatform will take care of the storage migration for you. 6. Click OK. 11.14. Deleting VMs Users can delete their own virtual machines. A running virtual machine will be abruptly stopped before i[...]

  • Page 109

    Adding an ISO 99 contains an OS image. CloudPlatform allows a user to boot a guest VM off of an ISO image. Users can also attach ISO images to guest VMs. For example, this enables installing PV drivers into Windows. ISO images are not hypervisor-specific. 11.16.1. Adding an ISO To make additional operating system or other software available for use[...]

  • Page 110

    Chapter 11. Working With Virtual Machines 100 Note It is not recommended to choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will usually not work. In these cases, choose Other. • Extractable : Choose Yes if the ISO should be available for extraction. • Public : Choo[...]

  • Page 111

    Changing a VM's Base Image 101 type of image). When this call occurs, the VM's root disk is first destroyed, then a new root disk is created from the source designated in the template ID parameter. The new root disk is attached to the VM, and now the VM is based on the new template. You can also omit the template ID parameter from the res[...]

  • Page 113

    Chapter 12. 103 Working With Hosts 12.1. Adding Hosts Additional hosts can be added at any time to provide more capacity for guest VMs. For requirements and instructions, see Section 8.6, “Adding a Host” . 12.2. Scheduled Maintenance and Maintenance Mode for Hosts You can place a host into maintenance mode. When maintenance mode is activated, t[...]

  • Page 114

    Chapter 12. Working With Hosts 104 1. In the Resources pane, select the server, then do one of the following: • Right-click, then click Enter Maintenance Mode on the shortcut menu. • On the Server menu, click Enter Maintenance Mode. 2. Click Enter Maintenance Mode. The server's status in the Resources pane shows when all running VMs have b[...]

  • Page 115

    Removing XenServer and KVM Hosts 105 12.4.1. Removing XenServer and KVM Hosts A node cannot be removed from a cluster until it has been placed in maintenance mode. This will ensure that all of the VMs on it have been migrated to other Hosts. To remove a Host from the cloud: 1. Place the node in maintenance mode. See Section 12.2, “Scheduled Maint[...]

  • Page 116

    Chapter 12. Working With Hosts 106 orchestrate. CloudPlatform can automatically understand the UCS environment, server profiles, etc. so CloudPlatform administrators can deploy a bare metal OS on a Cisco UCS. An overview of the steps involved in using UCS with CloudPlatform: 1. Set up your UCS blades, profiles, and UCS Manager according to Cisco do[...]

  • Page 117

    Disassociating a Profile from a UCS Blade 107 6. Click the name of the UCS Manager. A list is displayed that shows the names of the blades that are installed under the selected manager. 7. In the Actions column, click the Associate Profile icon. 8. In the dialog, select the name of the profile you want to associate with this blade, then click OK. T[...]

  • Page 118

    Chapter 12. Working With Hosts 108

        mysql> select id from cloud.host where name like '%h%';

    4. This should return a single ID. Record the set of such IDs for these hosts.
    5. Update the passwords for the host in the database. In this example, we change the passwords for hosts with IDs 5, 10, and 12 to "password".

        mysql> upda[...]

  • Page 119

    Limitations on Over-Provisioning in XenServer and KVM 109 12.9.1. Limitations on Over-Provisioning in XenServer and KVM • In XenServer, due to a constraint of this hypervisor, you cannot use an over-provisioning factor greater than 4. • The KVM hypervisor cannot manage memory allocation to VMs dynamically. CloudPlatform sets the minimum and m[...]

  • Page 120

    Chapter 12. Working With Hosts 110 done, CloudPlatform recalculates or scales the used and reserved capacities based on the new over- provisioning ratios, to ensure that CloudPlatform is correctly tracking the amount of free capacity. Note It is safer not to deploy additional new VMs while the capacity recalculation is underway, in case the new val[...]

  • Page 121

    VLAN Allocation Example 111 CloudPlatform manages VLANs differently based on hypervisor type. For XenServer or KVM, the VLANs are created on only the hosts where they will be used and then they are destroyed when all guests that require them have been terminated or moved to another host. For vSphere the VLANs are provisioned on all hosts in the clu[...]

  • Page 122

    Chapter 12. Working With Hosts 112 5. Click Physical Network. 6. In the Guest node of the diagram, click Configure. 7. Click Edit. The VLAN Ranges field is now editable. 8. Enter the start and end of the VLAN range. If you have multiple ranges, separate them by a comma. For example: 200-210,300-350,500-600, 100-110 Specify all the VLANs you want to [...]

  • Page 123

    Chapter 13. 113 Working with Templates A template is a reusable configuration for virtual machines. When users launch VMs, they can choose from a list of templates in CloudPlatform. Specifically, a template is a virtual disk image that includes one of a variety of operating systems, optional additional software such as office applications, and sett[...]

  • Page 124

    Chapter 13. Working with Templates 114 A default template is provided for each of XenServer, KVM, and vSphere. The templates that are downloaded depend on the hypervisor type that is available in your cloud. Each template is approximately 2.5 GB physical size. The default template includes the standard iptables rules, which will block most access t[...]

  • Page 125

    Creating a Template from a Snapshot 115 • Name and Display Text . These will be shown in the UI, so choose something descriptive. • OS Type . This helps CloudPlatform and the hypervisor perform certain operations and make assumptions that improve the performance of the guest. Select one of the following. • If the operating system of the stopp[...]

  • Page 126

    Chapter 13. Working with Templates 116 Templates are uploaded based on a URL. HTTP is the supported access protocol. Templates are frequently large files. You can optionally gzip them to decrease upload times. To upload a template: 1. In the left navigation bar, click Templates. 2. Click Register Template. 3. Provide the following in the dialog box[...]

  • Page 127

    Exporting Templates 117 13.9. Exporting Templates End users and Administrators may export templates from the CloudPlatform. Navigate to the template in the UI and choose the Download function from the Actions menu. 13.10. Creating a Windows Template Windows templates must be prepared with Sysprep before they can be provisioned on multiple machines.[...]

  • Page 128

    Chapter 13. Working with Templates 118 1. Download and install the Windows AIK Note Windows AIK should not be installed on the Windows 2008 R2 VM you just created. Windows AIK should not be part of the template you create. It is only used to create the sysprep answer file. 2. Copy the install.wim file in the sources directory of the Windows 2008 R[...]

  • Page 129

    System Preparation for Windows Server 2008 R2 119 b. You need to automate the Software License Terms Selection page, otherwise known as the End-User License Agreement (EULA). To do this, expand the Microsoft-Windows-Shell-Setup component. Highlight the OOBE setting, and add the setting to the Pass 7 oobeSystem. In Settings, set HideEULAPage true.[...]

  • Page 130

    Chapter 13. Working with Templates 120 c. Make sure the license key is properly set. If you use MAK key, you can just enter the MAK key on the Windows 2008 R2 VM. You need not input the MAK into the Windows System Image Manager. If you use KMS host for activation you need not enter the Product Key. Details of Windows Volume Activation can be found [...]

  • Page 131

    System Preparation for Windows Server 2003 R2 121 You may read the AIK documentation and set many more options that suit your deployment. The steps above are the minimum needed to make Windows unattended setup work. 8. Save the answer file as unattend.xml. You can ignore the warning messages that appear in the validation window. 9. Copy the unatten[...]

  • Page 132

    Chapter 13. Working with Templates 122 a. Select Create New to create a new Answer File. b. Enter “Sysprep setup” for the Type of Setup. c. Select the appropriate OS version and edition. d. On the License Agreement screen, select “Yes fully automate the installation”. e. Provide your name and organization. f. Leave display settings at defau[...]

  • Page 133

    Importing Amazon Machine Images 123 You need to have a XenServer host with a file-based storage repository (either a local ext3 SR or an NFS SR) to convert to a VHD once the image file has been customized on the Centos/Fedora host. Note When copying and pasting a command, be sure the command has pasted as a single line before executing. Some docume[...]

  • Page 134

    Chapter 13. Working with Templates 124

        # cat etc/fstab
        /dev/xvda / ext3 defaults 1 1
        /dev/xvdb /mnt ext3 defaults 0 0
        none /dev/pts devpts gid=5,mode=620 0 0
        none /proc proc defaults 0 0
        none /sys sysfs defaults 0 0

    7. Enable login via the console. The default console device in a XenServer system is xvc0. Ensure that etc/inittab and etc/securetty h[...]

  • Page 135

    Converting a Hyper-V VM to a Template 125

        # scp CentOS_6.2_x64 xenhost:/var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799/

    15. Log in to the XenServer and create a VDI the same size as the image.

        [root@xenhost ~]# cd /var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799
        [root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# ls -lh CentOS_6.2_x64[...]

  • Page 136

    Chapter 13. Working with Templates 126 3. Name the VM, choose the NFS VHD SR under Storage, enable "Run Operating System Fixups" and choose the NFS ISO SR. 4. Click Next, then Finish. A VM should be created. Option two: 1. Run XenConvert, under From choose VHD, under To choose XenServer. Click Next. 2. Choose the VHD, then click Next. 3. [...]

  • Page 137

    Linux OS Installation 127 new password to the virtual router for the account. Thus an instance reboot is necessary to effect any password changes. If the script is unable to contact the virtual router during instance boot it will not set the password but boot will continue normally. 13.13.1. Linux OS Installation Use the following steps to begin th[...]

  • Page 139

    Chapter 14. 129 Working With Storage 14.1. Storage Overview CloudPlatform defines two types of storage: primary and secondary. Primary storage can be accessed by either iSCSI or NFS. Additionally, direct attached storage may be used for primary storage. Secondary storage is always accessed using NFS or a combination of NFS and object storage. There[...]

  • Page 140

    Chapter 14. Working With Storage 130

                               VMware vSphere  Citrix XenServer      KVM                         Oracle VM
    Fiber Channel support      VMFS            Yes, via Existing SR  Yes, via Shared Mountpoint  No
    NFS support                Y               Y                     Y                           Y
    Local storage support      Y               Y                     Y                           Y
    Storage over-provisioning  NFS and iSCSI   NFS                   NFS                         No

    XenServer uses a clustered LVM system to store VM images on iSCSI and Fiber Channel volu[...]

  • Page 141

    Maintenance Mode for Primary Storage 131 14.2.5. Maintenance Mode for Primary Storage Primary storage may be placed into maintenance mode. This is useful, for example, to replace faulty RAM in a storage device. Maintenance mode for a storage device will first stop any new guests from being provisioned on the storage device. Then it will stop all gu[...]

  • Page 142

    Chapter 14. Working With Storage 132 Then log in to the CloudPlatform UI and stop and start (not reboot) the Secondary Storage VM for that Zone. 14.3.3. Changing Secondary Storage Servers You can change the secondary storage NFS mount. Perform the following steps to do so: 1. Stop all running Management Servers. 2. Wait 30 minutes. This allows any [...]

  • Page 143

    Uploading an Existing Volume to a Virtual Machine 133 local data volumes can be attached to virtual machines, detached, re-attached, and deleted just as with the other types of data volume. Local storage is ideal for scenarios where persistence of data volumes and HA is not required. Some of the benefits include reduced disk I/O latency and cost re[...]

  • Page 144

    Chapter 14. Working With Storage 134 4. Click Upload Volume. 5. Provide the following: • Name and Description. Any desired name and a brief description that can be shown in the UI. • Availability Zone. Choose the zone where you want to store the volume. VMs running on hosts in this zone can attach the volume. • Format. Choose one of the follo[...]

  • Page 145

    Detaching and Moving Volumes 135 14.4.4. Detaching and Moving Volumes Note This procedure is different from moving volumes from one storage pool to another as described in Section 14.4.5, “VM Storage Migration” . A volume can be detached from a guest VM and attached to another guest. Both CloudPlatform administrators and users can detach volume[...]

  • Page 146

    Chapter 14. Working With Storage 136 Note Because of a limitation in VMware, live migration of storage for a VM is allowed only if the source and target storage pool are accessible to the source host; that is, the host where the VM is running when the live migration operation is requested. 14.4.5.1. Migrating a Data Volume to a New Storage Pool The[...]

  • Page 147

    Resizing Volumes 137 1. Log in to the CloudPlatform UI as a user or admin. 2. In the left navigation bar, click Instances, and click the VM name. 3. (KVM only) Stop the VM. 4. Click the Migrate button and choose the destination from the dropdown list. Note If the VM's storage has to be migrated along with the VM, this will be noted in the host[...]

  • Page 148

    Chapter 14. Working With Storage 138 4. Select the volume name in the Volumes list, then click the Resize Volume button 5. In the Resize Volume pop-up, choose desired characteristics for the storage. a. If you select Custom Disk, specify a custom size. b. Click Shrink OK to confirm that you are reducing the size of a volume. This parameter protects[...]

  • Page 149

    Automatic Snapshot Creation and Retention 139 CloudPlatform supports snapshots of disk volumes. Snapshots are a point-in-time capture of virtual machine disks. Memory and CPU states are not captured. If you are using the Oracle VM hypervisor, you cannot take snapshots, since OVM does not support them. Snapshots may be taken for volumes, including [...]

  • Page 150

    Chapter 14. Working With Storage 140 When a snapshot is taken manually, a snapshot is always created regardless of whether a volume has been active or not. 14.5.4. Snapshot Restore There are two paths to restoring snapshots. Users can create a volume from the snapshot. The volume can then be mounted to a VM and files recovered as needed. Alternativ[...]

  • Page 151

    Chapter 15. 141 Working with Usage The Usage Server is an optional, separately-installed part of CloudPlatform that provides aggregated usage records which you can use to create billing integration for CloudPlatform. The Usage Server works by taking data from the events log and creating summary usage records that you can access using the listUsageR[...]

  • Page 152

    Chapter 15. Working with Usage 142 Parameter Name Description Default: The time zone of the management server. usage.sanity.check.interval The number of days between sanity checks. Set this in order to periodically search for records with erroneous data before issuing customer invoices. For example, this checks for VM usage records created after th[...]

  • Page 153

    Setting Usage Limits 143 • enable.usage.server = true • usage.execution.timezone = America/New_York • usage.stats.job.exec.time = 07:00. This will run the Usage job at 2:00 AM EST. Note that this will shift by an hour as the East Coast of the U.S. enters and exits Daylight Savings Time. • usage.stats.job.aggregation.range = 1440 With this c[...]

  • Page 154

    Chapter 15. Working with Usage 144 Parameter Name Description max.account.primary.storage (GB) Maximum primary storage space that can be used for an account. Default is 20*10. max.account.secondary.storage (GB) Maximum secondary storage space that can be used for an account. Default is 20*20. max.project.cpus Maximum number of CPU cores that can be[...]

  • Page 155

    Default Account Resource Limits 145 Parameter Name Definition max.volume.size.gb Maximum size for a volume in GB network.throttling.rate The default data transfer rate in megabits per second allowed in network. snapshot.max.hourly Maximum recurring hourly snapshots to be retained for a volume. If the limit is reached, early snapshots from the start[...]

  • Page 156

    Chapter 15. Working with Usage 146 15.2.3. Per-Domain Limits CloudPlatform allows the configuration of limits on a domain basis. With a domain limit in place, all users still have their account limits. They are additionally limited, as a group, to not exceed the resource limits set on their domain. Domain limits aggregate the usage of all accounts [...]

  • Page 157

    Chapter 16. 147 Managing Networks and Traffic In a CloudPlatform, guest VMs can communicate with each other using shared infrastructure with the security and user perception that the guests have a private LAN. The CloudPlatform virtual router is the main component providing networking features for guest traffic. 16.1. Guest Traffic A network can ca[...]

  • Page 158

    Chapter 16. Managing Networks and Traffic 148 Servers are connected as follows: • Storage devices are connected to only the network that carries management traffic. • Hosts are connected to networks for both management traffic and public traffic. • Hosts are also connected to one or more networks carrying guest traffic. We recommend the use o[...]

  • Page 159

    Basic Zone Physical Network Configuration 149 A firewall for management traffic operates in the NAT mode. The network typically is assigned IP addresses in the 192.168.0.0/16 Class B private address space. Each pod is assigned IP addresses in the 192.168.*.0/24 Class C private address space. Each zone has its own set of public IP addresses. Public [...]

  • Page 160

    Chapter 16. Managing Networks and Traffic 150 1. In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which you want to add a network. 2. Click the Network tab. 3. Click Add Isolated Guest Network. The Add Isolated Guest Network window is displayed: 4. Provide the following information: • Name . The nam[...]

  • Page 161

    Configuring a Shared Guest Network 151 16.5.3. Configuring a Shared Guest Network 1. Log in to the CloudPlatform UI as administrator. 2. In the left navigation, choose Infrastructure. 3. On Zones, click View More. 4. Click the zone to which you want to add a guest network. 5. Click the Physical Network tab. 6. Click the physical network you want to[...]

  • Page 162

    Chapter 16. Managing Networks and Traffic 152 • Network Domain : A custom DNS suffix at the level of a network. If you want to assign a special domain name to the guest VM network, specify a DNS suffix. 11. Click OK to confirm. 16.6. Using Security Groups to Control Traffic to VMs 16.6.1. About Security Groups Security groups provide a way to iso[...]

  • Page 163

    Enabling Security Groups 153 16.6.3. Enabling Security Groups In order for security groups to function in a zone, the security groups feature must first be enabled for the zone. The administrator can do this when creating a new zone, by selecting a network offering that includes security groups. The procedure is described in Zone Configuration in t[...]

  • Page 164

    Chapter 16. Managing Networks and Traffic 154 • Account, Security Group . (Add by Account only) To accept only traffic from another security group, enter the CloudPlatform account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter its name ([...]

  • Page 165

    About Using a NetScaler Load Balancer 155 An external Juniper SRX or Cisco ASA can be used for: • Source NAT • Static NAT • Firewall • Port forwarding A NetScaler or F5 can be used for: • Load balancing For details about installing and setting up these external network service providers, see the CloudPlatform Installation Guide. 16.7.1. A[...]

  • Page 166

    Chapter 16. Managing Networks and Traffic 156 NetScaler ADC Type Description of Capabilities CloudPlatform Supported Features act as application firewall and load balancer supported without limitation. In basic zones, static NAT, elastic IP (EIP), and elastic load balancing (ELB) are also provided. VPX Virtual appliance. Can run as VM on XenServer,[...]

  • Page 167

    Initial Setup of External Firewalls and Load Balancers 157

        # sec.name source community
        com2sec local localhost public
        com2sec mynetwork 0.0.0.0 public

    Note: Setting to 0.0.0.0 allows all IPs to poll the NetScaler server.

    b. Map the security names into group names:

        # group.name sec.model sec.name
        group MyRWGroup v1 local
        group MyRWGroup v2c local
        gro[...]

  • Page 168

    Chapter 16. Managing Networks and Traffic 158 The following objects are created on the load balancer: • A new VLAN that matches the account's provisioned Zone VLAN • A self IP for the VLAN. This is always the second IP of the account's private subnet (e.g. 10.1.1.2). 16.7.4. Ongoing Configuration of External Firewalls and Load Balance[...]

  • Page 169

    Configuring AutoScale 159 6. In the Load Balancing node of the diagram, click View All. In a Basic zone, you can also create a load balancing rule without acquiring or selecting an IP address. CloudPlatform internally assigns an IP when you create the load balancing rule, which is listed in the IP Addresses page when the rule is created. To do that[...]

  • Page 170

    Chapter 16. Managing Networks and Traffic 160 VMs automatically and launching new VMs when you need them, without the need for manual intervention. NetScaler AutoScaling is designed to seamlessly launch or terminate VMs based on user-defined conditions. Conditions for triggering a scaleup or scaledown action can vary from a simple use case like mon[...]

  • Page 171

    Configuring AutoScale 161 Configuration Specify the following: • Template : A template consists of a base OS image and application. A template is used to provision the new instance of an application on a scaleup action. When a VM is deployed from a template, the VM can start taking the traffic from the load balancer without any admin intervention[...]

  • Page 172

    Chapter 16. Managing Networks and Traffic 162 Note If an application, such as SAP, running on a VM instance is down for some reason, the VM is then not counted as part of Min Instance parameter, and the AutoScale feature initiates a scaleup action if the number of active VM instances is below the configured value. Similarly, when an application ins[...]

  • Page 173

    Configuring AutoScale 163 • Polling interval : Frequency at which the conditions (a combination of counter, operator and threshold) are to be evaluated before taking a scale up or down action. The default polling interval is 30 seconds. • Quiet Time : This is the cool down period after an AutoScale action is initiated. The time includes the time [...]

  • Page 174

    Chapter 16. Managing Networks and Traffic 164 Runtime Considerations • An administrator should not assign a VM to a load balancing rule which is configured for AutoScale. • If NetScaler is shut down or restarted before VM provisioning is completed, the provisioned VM cannot be part of the load balancing rule, though the intent was to assign i[...]

  • Page 175

    Global Server Load Balancing 165 You can delete or modify existing health check policies. To configure how often the health check is performed by default, use the global configuration setting healthcheck.update.interval (default value is 600 seconds). You can override this value for an individual health check policy. For details on how to set a hea[...]

  • Page 176

    Chapter 16. Managing Networks and Traffic 166 • Load Balancing or Content Switching Virtual Servers : According to Citrix NetScaler terminology, a load balancing or content switching virtual server represents one or many servers on the local network. Clients send their requests to the load balancing or content switching virtual server’s virtual[...]

  • Page 177

    Configuring GSLB 167 Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A configures a GSLB rule to load balance traffic across virtual server 1 at Zone-1 and virtual server 2 at Zone-2. The domain name is provided as A.xyztelco.com. CloudPlatform orchestrates setting up GSLB virtual server 1 on the GSLB service pro[...]

  • Page 178

    Chapter 16. Managing Networks and Traffic 168 To configure GSLB in your cloud environment, as a cloud administrator you must first configure a standard load balancing setup for each zone. This enables you to balance load across different servers in each zone in the region. Then, configure both the NetScaler appliances that you plan to add to each zone [...]

  • Page 179

    Configuring GSLB 169 3. In each zone that is participating in GSLB, add a GSLB-enabled NetScaler device. For more information, see Section 16.9.2.2, “Enabling GSLB in NetScaler”. On the CloudPlatform side, perform the following as a domain administrator or user: 1. Add a GSLB rule on both the sites. See Section 16.9.2.3, “Adding a GSLB Rule”. [...]

  • Page 180

    Chapter 16. Managing Networks and Traffic 170 3. In Zones, click View More. 4. Choose the zone you want to work with. 5. Click the Physical Network tab, then click the name of the physical network. 6. In the Network Service Providers node of the diagram, click Configure. You might have to scroll down to see this. 7. Click NetScaler. 8. Click Add Ne[...]

  • Page 181

    Configuring GSLB 171 6. Specify the following: • Name : Name for the GSLB rule. • Description : (Optional) A short description of the GSLB rule that can be displayed to users. • GSLB Domain Name : A preferred domain name for the service. • Algorithm : (Optional) The algorithm to use to load balance the traffic across the zones. The options [...]

  • Page 182

    Chapter 16. Managing Networks and Traffic 172 7. Click assign more load balancing. 8. Select the load balancing rule you have created for the zone. 9. Click OK to confirm. 16.10. Using Multiple Guest Networks In zones that use advanced networking, additional networks for guest traffic may be added at any time after the initial installation. You can[...]

  • Page 183

    Reconfiguring Networks in VMs 173 This feature is supported on XenServer, VMware, and KVM hypervisors. 16.10.2.1. Prerequisites For adding or removing networks to work, ensure that vm-tools are running on the guest VMs on VMware host. 16.10.2.2. Adding a Network 1. Log in to the CloudPlatform UI as an administrator or end user. 2. In the left navig[...]

  • Page 184

    Chapter 16. Managing Networks and Traffic 174 2. In the left navigation, click Instances. 3. Choose the VM that you want to work with. 4. Click the NICs tab. 5. Locate the NIC you want to work with. 6. Click the Set default NIC button. 7. Click Yes to confirm. 16.11. Guest IP Ranges The IP ranges for guest network traffic are set on a per-account b[...]

  • Page 185

    Reserving Public IP Addresses and VLANs for Accounts 175 16.14. Reserving Public IP Addresses and VLANs for Accounts CloudPlatform provides you the ability to reserve a set of public IP addresses and VLANs exclusively for an account. During zone creation, you can continue defining a set of VLANs and multiple public IP ranges. This feature extends t[...]

  • Page 186

    Chapter 16. Managing Networks and Traffic 176 • Domain : The domain associated with the account. To create a new IP range and assign an account, perform the following: a. Specify the following: • Gateway • Netmask • VLAN • Start IP • End IP • Account : Perform the following: i. Click Account. The Add Account page is displayed. ii. Spe[...]

  • Page 187

    IP Reservation in Isolated Guest Networks 177 • Domain : The domain associated with the account. 16.15. IP Reservation in Isolated Guest Networks In isolated guest networks, a part of the guest IP address space can be reserved for non-CloudPlatform VMs or physical servers. To do so, you configure a range of Reserved IP addresses by specifying th[...]

  • Page 188

    Chapter 16. Managing Networks and Traffic 178 Case CIDR Network CIDR Reserved IP Range for Non- CloudPlatform VMs Description CIDR field in the UI. 3 10.1.1.0/24 None None Removing IP Reservation by the UpdateNetwork API with guestvmcidr=10.1.1.0/24 or enter 10.1.1.0/24 in the CIDR field in the UI. 16.15.2. Limitations • The IP Reservation is not[...]

  • Page 189

    Use Cases 179 supported on all the network configurations—Basic, Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported on these additional IPs. As always, you can specify an IP from the guest subnet; if not specified, an IP is automatically picked up from the guest VM subnet. You can view the IPs associated wit[...]

  • Page 190

    Chapter 16. Managing Networks and Traffic 180 passed, NAT is configured on the specified private IP of the VM. If not passed, NAT is configured on the primary IP of the VM. 16.17. Multiple Subnets in Shared Network CloudPlatform provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enable[...]

  • Page 191

    About Elastic IP 181 10. Specify the following: All the fields are mandatory. • Gateway : The gateway for the tier you create. Ensure that the gateway is within the Super CIDR range that you specified while creating the VPC, and is not overlapped with the CIDR of any existing tier within the VPC. • Netmask : The netmask for the tier you create.[...]

  • Page 192

    Chapter 16. Managing Networks and Traffic 182 services if a NetScaler device is deployed in your zone. Consider the following illustration for more details. In the illustration, a NetScaler appliance is the default entry or exit point for the CloudPlatform instances, and firewall is the default entry or exit point for the rest of the data center. N[...]

  • Page 193

    Portable IPs 183 Note Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination IP address is replaced in the packets from the public network, such as the Internet, with the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type of NAT supported by NetScaler, in which the source IP address is repl[...]

  • Page 194

    Chapter 16. Managing Networks and Traffic 184 The salient features of Portable IP are as follows: • IP is statically allocated • IP need not be associated with a network • IP association is transferable across networks • IP is transferable across both Basic and Advanced zones • IP is transferable across VPC, non-VPC isolated and shared ne[...]

  • Page 195

    Transferring Portable IP 185 6. Specify whether you want cross-zone IP or not. 7. Click Yes in the confirmation dialog. Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding or static NAT rules. 16.19.4. Transferring Portable IP Portable IP is transferred from one network [...]

  • Page 196

    Chapter 16. Managing Networks and Traffic 186 5. Click the IP address you want to work with. 6. Click the Static NAT button. The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address. 7. If you are enabling static NAT, a dialog appears where you can choose the destination VM and click App[...]

  • Page 197

    Egress Firewall Rules in an Advanced Zone 187 2. In the left navigation, choose Network. 3. In Select view, choose Guest networks, then click the Guest network you want. 4. To add an egress rule, click the Egress rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this guest netwo[...]

  • Page 198

    Chapter 16. Managing Networks and Traffic 188 a. Log in with admin privileges to the CloudPlatform UI. b. In the left navigation bar, click Service Offerings. c. In Select Offering, choose Network Offering. d. Click Add Network Offering. e. In the dialog, make necessary choices, including firewall provider. f. In the Default egress policy field, sp[...]

  • Page 199

    Port Forwarding 189 • ICMP Type and ICMP Code . Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out the ICMP header. Refer to ICMP documentation for more details if you are not sure what to enter. 7. Click Add. 16.21.3. Port Forwarding A port forward service is a set of port forwarding rules th[...]

  • Page 200

    Chapter 16. Managing Networks and Traffic 190 • Least connection • Source IP This is similar to port forwarding but the destination may be multiple IP addresses. 16.23. DNS and DHCP The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the DNS server configured on the Availability Zone. 16.24. Remote Access[...]

  • Page 201

    Using Remote Access VPN with Windows 191 • remote.access.vpn.psk.length – Length of the IPSec key. • remote.access.vpn.user.limit – Maximum number of VPN users per account. To enable VPN for a particular network: 1. Log in as a user or administrator to the CloudPlatform UI. 2. In the left navigation, click Network. 3. Click the name of the [...]

  • Page 202

    Chapter 16. Managing Networks and Traffic 192 12. Enter the user name and password from step 1. 16.24.3. Using Remote Access VPN with Mac OS X First, be sure you've configured the VPN settings in your CloudPlatform install. This section is only concerned with connecting via Mac OS X to your VPN. Note, these instructions were written on Mac OS[...]

  • Page 203

    Setting Up a Site-to-Site VPN Connection 193 Note In addition to the specific Cisco and Juniper devices listed above, the expectation is that any Cisco or Juniper device running on the supported operating systems is able to establish VPN connections. To set up a Site-to-Site VPN connection, perform the following: 1. Create a Virtual Private Cloud [...]

  • Page 204

    Chapter 16. Managing Networks and Traffic 194 Provide the following information: • Name : A unique name for the VPN customer gateway you create. • Gateway : The IP address for the remote gateway. • CIDR list : The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR list is not overl[...]

  • Page 205

    Setting Up a Site-to-Site VPN Connection 195 Note The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data that includes the Preshared key. If the receiving peer is able to create the same hash independently by using its Preshared key, it knows that both peers must share the same secret, thus authenticati[...]

  • Page 206

    Chapter 16. Managing Networks and Traffic 196 Note When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways must generate a new set of phase-1 keys. This is the extra layer of protection that PFS adds: it ensures that if the phase-2 SAs have expired, the keys used for new phase-2 SAs have not been generated from the cu[...]

  • Page 207

    Setting Up a Site-to-Site VPN Connection 197 The VPC page is displayed where all the tiers you created are listed in a diagram. 5. Click the Settings icon. For each tier, the following options are displayed: • Internal LB • Public LB IP • Static NAT • Virtual Machines • CIDR The following router information is displayed: • Private Gatew[...]

  • Page 208

    Chapter 16. Managing Networks and Traffic 198 All the VPCs that you create for the account are listed in the page. 4. Click the Configure button of the VPC to which you want to deploy the VMs. The VPC page is displayed where all the tiers you created are listed in a diagram. 5. Click the Settings icon. For each tier, the following options are displ[...]

  • Page 209

    Setting Up a Site-to-Site VPN Connection 199 • Gateway • State • IPSec Preshared Key • IKE Policy • ESP Policy 16.24.4.4. Restarting and Removing a VPN Connection 1. Log in to the CloudPlatform UI as an administrator or end user. 2. In the left navigation, choose Network. 3. In the Select view, select VPC. All the VPCs that you have creat[...]

  • Page 210

    Chapter 16. Managing Networks and Traffic 200 9. To remove a VPN connection, click the Delete VPN connection button. To restart a VPN connection, click the Reset VPN connection button present in the Details tab. 16.25. Isolation in Advanced Zone Using Private VLAN Isolation of guest traffic in shared networks can be achieved by using Private VLANs ([...]

  • Page 211

    Prerequisites 201 • Understanding Private VLANs 8 • Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment 9 • Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691) 10 16.25.2. Prerequisites • Use a PVLAN supported switch. See Private VLAN Catalyst Switch Support Matrix 11 for more info[...]

  • Page 212

    Chapter 16. Managing Networks and Traffic 202 9. Click Add guest network. The Add guest network window is displayed. 10. Specify the following: • Name : The name of the network. This will be visible to the user. • Description : The short description of the network that can be displayed to users. • VLAN ID : The unique ID of the VLAN. • Seco[...]

  • Page 213

    About Inter-VLAN Routing 203 This feature is supported on XenServer and VMware hypervisors. The major advantages are: • The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside[...]

  • Page 214

    Chapter 16. Managing Networks and Traffic 204 To set up a multi-tier Inter-VLAN deployment, see Section 16.27, “Configuring a Virtual Private Cloud” . 16.27. Configuring a Virtual Private Cloud 16.27.1. About Virtual Private Clouds CloudPlatform Virtual Private Cloud is a private, isolated part of CloudPlatform. A VPC can have its own virtual n[...]

  • Page 215

    About Virtual Private Clouds 205 • Private Gateway : All the traffic to and from a private network is routed to the VPC through the private gateway. For more information, see Section 16.27.5, “Adding a Private Gateway to a VPC”. • VPN Gateway : The VPC side of a VPN connection. • Site-to-Site VPN Connection : A hardware-based VPN connection[...]

  • Page 216

    Chapter 16. Managing Networks and Traffic 206 • All network tiers inside the VPC should belong to the same account. • When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP is released only when the VPC is removed. • A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it cannot be[...]

  • Page 217

    Adding Tiers 207 Provide the following information: • Name : A short name for the VPC that you are creating. • Description : A brief description of the VPC. • Zone : Choose the zone where you want the VPC to be available. • Super CIDR for Guest Networks : Defines the CIDR range for all the tiers (guest networks) within a VPC. When you creat[...]

  • Page 218

    Chapter 16. Managing Networks and Traffic 208 Note The end users can see their own VPCs, while root and domain admin can see any VPC they are authorized to see. 4. Click the Configure button of the VPC for which you want to set up tiers. 5. Click Create network. The Add new tier dialog is displayed, as follows: If you have already created tiers, th[...]

  • Page 219

    Configuring Network Access Control List 209 For more information, see Section 12.10.3, “Assigning VLANs to Isolated Networks” . • Netmask : The netmask for the tier you create. For example, if the VPC CIDR is 10.0.0.0/16 and the network tier CIDR is 10.0.1.0/24, the gateway of the tier is 10.0.1.1, and the netmask of the tier is 255.255.255.0[...]

  • Page 220

    Chapter 16. Managing Networks and Traffic 210 • Virtual Machines • CIDR The following router information is displayed: • Private Gateways • Public IP Addresses • Site-to-Site VPNs • Network ACL Lists 5. Select Network ACL Lists. The following default rules are displayed in the Network ACLs page: default_allow, default_deny. 6. Click Add[...]

  • Page 221

    Configuring Network Access Control List 211 protocol is typically used to send error messages or network monitoring data. All supports all the traffic. Other option is Protocol Number. • Start Port , End Port (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the sa[...]

  • Page 222

    Chapter 16. Managing Networks and Traffic 212 16.27.5. Adding a Private Gateway to a VPC A private gateway can be added by the root admin only. The VPC private network has 1:1 relationship with the NIC of the physical network. You can configure multiple private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in the sam[...]

  • Page 223

    Adding a Private Gateway to a VPC 213 8. Specify the following: • Physical Network : The physical network you have created in the zone. • IP Address : The IP address associated with the VPC gateway. • Gateway : The gateway through which the traffic is routed to and from the VPC. • Netmask : The netmask associated with the VPC gateway. • V[...]

  • Page 224

    Chapter 16. Managing Networks and Traffic 214 gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in the VPC reach the enterprise network via the private gateway IP address by using the NAT service. The Source NAT service on a private gateway can be enabled while adding the private gateway. On deletion of a private gateway, source NAT [...]

  • Page 225

    Deploying VMs to the Tier 215 16.27.5.4. Blacklisting Routes CloudPlatform enables you to block a list of routes so that they are not assigned to any of the VPC private gateways. Specify the list of routes that you want to blacklist in the blacklisted.routes global parameter. Note that the parameter update affects only new static route creations. I[...]

  • Page 226

    Chapter 16. Managing Networks and Traffic 216 For more information about how the templates came to be in this list, see Chapter 13, Working with Templates . 7. Ensure that the hardware you have allows starting the selected service offering. 8. Under Networks, select networks for the VM you are launching. You can deploy a VM to a VPC tier and multip[...]

  • Page 227

    Releasing an IP Address Allotted to a VPC 217 The VPC page is displayed where all the tiers you created are listed in a diagram. The following options are displayed. • Internal LB • Public LB IP • Static NAT • Virtual Machines • CIDR The following router information is displayed: • Private Gateways • Public IP Addresses • Site-to-Sit[...]

  • Page 228

    Chapter 16. Managing Networks and Traffic 218 • Static NAT • Virtual Machines • CIDR The following router information is displayed: • Private Gateways • Public IP Addresses • Site-to-Site VPNs • Network ACL Lists 5. Select Public IP Addresses. The IP Addresses page is displayed. 6. Click the IP you want to release. 7. In the Details t[...]

  • Page 229

    Adding Load Balancing Rules on a VPC 219 The following router information is displayed: • Private Gateways • Public IP Addresses • Site-to-Site VPNs • Network ACL Lists 5. In the Router node, select Public IP Addresses. The IP Addresses page is displayed. 6. Click the IP you want to work with. 7. In the Details tab, click the Static NAT butt[...]

  • Page 230

    Chapter 16. Managing Networks and Traffic 220 2. Create a network offering, as given in Section 16.27.11.1.2, “Creating a Network Offering for Public LB”. 3. Create a VPC with NetScaler as the Public LB provider. For more information, see Section 16.27.2, “Adding a Virtual Private Cloud”. 4. For the VPC, acquire an IP. 5. Create a public[...]

  • Page 231

    Adding Load Balancing Rules on a VPC 221 16.27.11.1.3. Creating a Public LB Rule 1. Log in to the CloudPlatform UI as an administrator or end user. 2. In the left navigation, choose Network. 3. In the Select view, select VPC. All the VPCs that you have created for the account are listed in the page. 4. Click the Configure button of the VPC, for whic[...]

  • Page 232

    Chapter 16. Managing Networks and Traffic 222 • Source • Stickiness . (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules. • Add VMs : Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply. The new load balancing [...]

  • Page 233

    Adding Load Balancing Rules on a VPC 223 16.27.11.2.2. Enabling Internal LB on a VPC Tier 1. Create a network offering, as given in Section 16.27.11.2.4, “Creating an Internal LB Rule” . 2. Create an internal load balancing rule and apply, as given in Section 16.27.11.2.4, “Creating an Internal LB Rule” . 16.27.11.2.3. Creating a Network Of[...]

  • Page 234

    Chapter 16. Managing Networks and Traffic 224 • Name : Any desired name for the network offering. • Description : A short description of the offering that can be displayed to users. • Network Rate : Allowed data transfer rate in MB per second. • Traffic Type : The type of network traffic that will be carried on the network. • Guest Type :[...]

  • Page 235

    Adding a Port Forwarding Rule on a VPC 225 • Name : A name for the load balancer rule. • Description : A short description of the rule that can be displayed to users. • Source IP Address : The source IP from which traffic originates. The IP is acquired from the CIDR of that particular tier on which you want to create the Internal LB rule. For[...]

  • Page 236

    Chapter 16. Managing Networks and Traffic 226 The IP Addresses page is displayed. 6. Click the IP address for which you want to create the rule, then click the Configuration tab. 7. In the Port Forwarding node of the diagram, click View All. 8. Select the tier to which you want to apply the rule. 9. Specify the following: • Public Port : The port[...]

  • Page 237

    Editing, Restarting, and Removing a Virtual Private Cloud 227 16.27.14. Editing, Restarting, and Removing a Virtual Private Cloud Note Ensure that all the tiers are removed before you remove a VPC. 1. Log in to the CloudPlatform UI as an administrator or end user. 2. In the left navigation, choose Network. 3. In the Select view, select VPC. All the[...]

  • Page 238

    Chapter 16. Managing Networks and Traffic 228 • When you create a guest network, the network offering that you select defines the network persistence. This in turn depends on whether persistent network is enabled in the selected network offering. • An existing network can be made persistent by changing its network offering to an offering that h[...]

  • Page 239

    Chapter 17. 229 Working with System Virtual Machines CloudPlatform uses several types of system virtual machines to perform tasks in the cloud. In general CloudPlatform manages these system VMs and creates, starts, and stops them as needed based on scale and immediate needs. However, the administrator should be aware of them and their roles to assi[...]

  • Page 240

    Chapter 17. Working with System Virtual Machines 230 The VNC traffic never goes through the guest virtual IP, and there is no need to enable VNC within the guest. The console proxy VM will periodically report its active session count to the Management Server. The default reporting interval is five seconds. This can be changed through standard Manag[...]

  • Page 241

    Virtual Router 231 d. Convert your private key format into PKCS#8 encrypted format: openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encrypted.key e. Convert your PKCS#8 encrypted private key into the PKCS#8 format that is compliant with CloudPlatform: openssl pkcs8 -in yourprivate.pkcs8.encrypted.key -out yourprivate.pkcs8.key 3. In t[...]

  • Page 242

    Chapter 17. Working with System Virtual Machines 232 17.4.2. Upgrading a Virtual Router with System Service Offerings When CloudPlatform creates a virtual router, it uses default settings which are defined in a default system service offering. See Section 9.2, “System Service Offerings” . All the virtual routers in a single guest network use th[...]

  • Page 243

    Chapter 18. 233 System Reliability and High Availability 18.1. HA for Management Server The CloudPlatform Management Server should be deployed in a multi-node configuration such that it is not susceptible to individual server failures. The Management Server itself (as distinct from the MySQL database) is stateless and may be placed behind a load ba[...]

  • Page 244

    Chapter 18. System Reliability and High Availability 234 18.4. Primary Storage Outage and Data Loss When a primary storage outage occurs, all hosts in that cluster are rebooted. This ensures that affected VMs running on the hypervisor are appropriately marked as stopped. Guests that are marked for HA will be restarted as soon as practical when the [...]

  • Page 245

    Limitations on API Throttling 235 18.6.2. Limitations on API Throttling The following limitations exist in the current implementation of this feature. Note Even with these limitations, CloudPlatform is still able to effectively use API throttling to avoid malicious attacks causing denial of service. • In a deployment with multiple Management Serv[...]

  • Page 246

    236[...]

  • Page 247

    Chapter 19. 237 Managing the Cloud 19.1. Using Tags to Organize Resources in the Cloud A tag is a key-value pair that stores metadata about a resource in the cloud. Tags are useful for categorizing resources. For example, you can tag a user VM with a value that indicates the user's city of residence. In this case, the key would be "city"[...]

  • Page 248

    Chapter 19. Managing the Cloud 238 • listNetworkACLs • listStaticRoutes 19.2. Setting Configuration Parameters 19.2.1. About Configuration Parameters CloudPlatform provides a variety of settings you can use to set limits, configure features, and enable or disable features in the cloud. Once your Management Server is running, you might need to s[...]

  • Page 249

    Setting Global Configuration Parameters 239 Field Value host This is the IP address of the Management Server. If you are using multiple Management Servers you should enter a load balanced IP address that is reachable via the private network. default.page.size Maximum number of items per page that can be returned by a CloudStack API command. The lim[...]

  • Page 250

    Chapter 19. Managing the Cloud 240 4. Click the name of the resource where you want to set a limit. 5. Click the Settings tab. 6. Use the search box to narrow down the list to those you are interested in. 7. In the Actions column, click the Edit icon to modify a value. 19.2.4. Granular Global Configuration Parameters The following global configurat[...]

  • Page 251

    Granular Global Configuration Parameters 241 Field Field Value are sent that the available memory is below the threshold. cluster cluster.cpu.allocated.capacity.disablethreshold The percentage, as a value between 0 and 1, of CPU utilization above which allocators will disable that cluster from further usage. Keep the corresponding notification thre[...]

  • Page 252

    Chapter 19. Managing the Cloud 242 Field Field Value because the available storage capacity is below the threshold. zone storage.overprovisioning.factor Used for storage over-provisioning calculation; available storage will be the mathematical product of actualStorageSize and storage.overprovisioning.factor. zone network.throttling.rate Default da[...]

  • Page 253

    Customizing Alerts with Global Configuration Settings 243 For a list of CloudPlatform alerts, see Appendix B, Alerts . For the most up-to-date list, call the listAlerts API. Note In addition to alerts, CloudPlatform also generates events. Unlike alerts, which indicate issues of concern, events track all routine user and administrator actions in the[...]

  • Page 254

    Chapter 19. Managing the Cloud 244 Each SNMP trap contains the following information: message, podId, dataCenterId, clusterId, and generationTime. 19.4.2.2. Syslog Alert Details CloudPlatform generates a syslog message for every alert. Each syslog message includes the fields alertType, message, podId, dataCenterId, and clusterId, in the following fo[...]

  • Page 255

    Customizing the Network Domain Name 245 </appender> The following example shows how to configure two Syslog managers at IP addresses 10.1.1.1 and 10.1.1.2. Substitute your own IP addresses. You can set Facility to any syslog-defined value, such as LOCAL0 - LOCAL7. Do not change the other values. <appender name="ALERTSYSLOG"> &[...]

  • Page 256

    Chapter 19. Managing the Cloud 246 • For all networks, if a network domain is specified as part of a network's own configuration, that value is used. • For an account-specific network, the network domain specified for the account is used. If none is specified, the system looks for a value in the domain, zone, and global configuration, in t[...]

  • Page 257

    Chapter 20. 247 CloudPlatform API The CloudPlatform API is a low level API that has been used to implement the CloudPlatform web UIs. It is also a good basis for implementing other popular APIs such as EC2/S3 and emerging DMTF standards. Many CloudPlatform API calls are asynchronous. These will return a Job ID immediately when called. This Job ID c[...]

  • Page 258

    Chapter 20. CloudPlatform API 248 • local-hostname. The hostname of the VM • public-ipv4. The first public IP for the router. (E.g. the first IP of eth2) • public-hostname. This is the same as public-ipv4 • instance-id. The instance name of the VM[...]

  • Page 259

    Chapter 21. 249 Tuning This section provides tips on how to improve the performance of your cloud. 21.1. Performance Monitoring Host and guest performance monitoring is available to end users and administrators. This allows the user to monitor their utilization of resources and determine when it is appropriate to choose a more powerful service offe[...]

  • Page 260

    Chapter 21. Tuning 250 For more information about the buffer pool, see "The InnoDB Buffer Pool" at MySQL Reference Manual 2 . 21.4. Set and Monitor Total VM Limits per Host The CloudPlatform administrator should monitor the total number of VM instances in each cluster, and disable allocation to the cluster if the total is approaching the [...]

  • Page 261

    Chapter 22. 251 Troubleshooting 22.1. Events An event is essentially a significant or meaningful change in the state of both virtual and physical resources associated with a cloud environment. Events are used by monitoring systems, usage and billing systems, or any other event-driven workflow systems to discern a pattern and make the right business[...]

  • Page 262

    Chapter 22. Troubleshooting 252 Configuration As a CloudPlatform administrator, perform the following one-time configuration to enable the event notification framework. At run time no changes can control the behaviour. 1. Open componentContext.xml. 2. Define a bean named eventNotificationBus as follows: • name : Specify a name for the bean. ?[...]

  • Page 263

    Event Log Queries 253 • INFO. This event is generated when an operation has been successfully performed. • WARN. This event is generated in the following circumstances. • When a network is disconnected while monitoring a template download. • When a template download is abandoned. • When an issue on the storage server causes the volumes to[...]

  • Page 264

    Chapter 22. Troubleshooting 254 22.1.6.1. Permissions Consider the following: • The root admin can delete or archive one or multiple alerts or events. • The domain admin or end user can delete or archive one or multiple events. 22.1.6.2. Procedure 1. Log in as administrator to the CloudPlatform UI. 2. In the left navigation, click Events. 3. Pe[...]

  • Page 265

    Log Collection Utility cloud-bugtool 255 22.3. Log Collection Utility cloud-bugtool CloudPlatform provides a command-line utility called cloud-bugtool to make it easier to collect the logs and other diagnostic data required for troubleshooting. This is especially useful when interacting with Citrix Technical Support. You can use cloud-bugtool to co[...]

  • Page 266

    Chapter 22. Troubleshooting 256 Cause It is possible that a client from outside the intended pool has mounted the storage. When this occurs, the LVM is wiped and all data in the volume is lost. Solution When setting up LUN exports, restrict the range of IP addresses that are allowed access by specifying a subnet mask. For example: echo “/export 19[...]

  • Page 267

    Unable to deploy VMs from uploaded vSphere template 257 Cause The CloudPlatform administrator UI was used to place the host in scheduled maintenance mode. This mode is separate from vCenter's maintenance mode. Solution Use vCenter to place the host in maintenance mode. More Information See Section 12.2, “Scheduled Maintenance and Maintenance[...]

  • Page 268

    Chapter 22. Troubleshooting 258 VMware Knowledge Base Article 1 22.9. Load balancer rules fail after changing network offering Symptom After changing the network offering on a network, load balancer rules stop working. Cause Load balancing rules were created while using a network service offering that includes an external load balancer device such [...]

  • Page 269

    259 Appendix A. Event Types VM.CREATE TEMPLATE.EXTRACT SG.REVOKE.INGRESS VM.DESTROY TEMPLATE.UPLOAD HOST.RECONNECT VM.START TEMPLATE.CLEANUP MAINT.CANCEL VM.STOP VOLUME.CREATE MAINT.CANCEL.PS VM.REBOOT VOLUME.DELETE MAINT.PREPARE VM.UPGRADE VOLUME.ATTACH MAINT.PREPARE.PS VM.RESETPASSWORD VOLUME.DETACH VPN.REMOTE.ACCESS.CREATE ROUTER.CREATE VOLUME.U[...]

  • Page 270

    260[...]

  • Page 271

    261 Appendix B. Alerts The following is the list of alert type numbers. The current alerts can be found by calling the listAlerts API command. MEMORY = 0 // Available Memory below configured threshold CPU = 1 // Unallocated CPU below configured threshold STORAGE = 2 // Available Storage below configured threshold STORAGE_ALLOCATED = 3 // Remaining u[...]

  • Page 272

    Appendix B. Alerts 262 STORAGE_DELETE = 20 // Failed to delete storage pool UPDATE_RESOURCE_COUNT = 21 // Failed to update the resource count USAGE_SANITY_RESULT = 22 // Usage Sanity Check failed DIRECT_ATTACHED_PUBLIC_IP = 23 // Number of unallocated shared network IPs is low in availability zone LOCAL_STORAGE = 24 // Remaining unallocated Local S[...]