Apache CloudStack is an open-source cloud computing platform that provides infrastructure as a service. It started as commercial software but was released as open source in 2010. It was accepted as an incubating project at the Apache Software Foundation in 2012. CloudStack provides a turn-key stack for running public, private or hybrid clouds across various hypervisors. It has a highly scalable architecture and supports features like networking, storage and high availability.

1. Apache CloudStack:
From API to UI
Joe Brockmeier
PPMC Member Apache CloudStack
(Incubating)
jzb@apache.org
Twitter: @jzb | Freenode: jzb

2. What is Apache CloudStack?
• Open
Source
(Apache-­‐Licensed)
IaaS
• Community
of
Users
and
Providers
• Wri?en
in
Java*
• Provides
a
Turn-­‐Key
“Stack”
for
Running
Public,
Private,
or
Hybrid
Clouds
• Hypervisor
AgnosMc*
• Time-­‐Based
Releases

3. In the beginning…
• Started
as
VMOps
Cloud
Stack
(2008)
• Became
Cloud.com
in
2010
• Released
CloudStack
under
GPLv3
–
but
Open
Core
(May
2010)
• Acquired
by
Citrix
(July
2011)
• EnMrely
Open
Source
(August
2011)

4. Going to Apache
• Relicensed
Proposed
to
Apache
(April
3,
2012)
• Accepted
as
an
IncubaMng
Project
(April
16,
2012)
• First
Major
Release,
4.0.0-­‐incubaMng
(November
6,
2012)
• First
Minor
Release,
4.0.1-­‐incubaMng
(February
12,
2013)

5. Why Apache?
• Known
and
Proven
Governance
Model
• AcMve
Mentoring
of
New
Projects
• 100%
Community-­‐Driven
• More
than
3,000
Developers
• Many
Successful
Projects:
Apache
HTTPD,
Tomcat,
Hadoop,
Cassandra,
Lucene,
etc.

6. Apache Process
• 100%
Community-­‐Driven
• “If
It
Didn’t
Happen
on
the
Mailing
List…”
• Clear
Governance
(PPMC,
Commi?er,
Contributor,
etc.)
• Community
Over
Code
• Rigorous
A?enMon
to
Licenses
• Can
Seem
BureaucraMc

7. Results!

8. Strengths
Weapons
(er, Strengths)

9. What CloudStack Provides

10. Hypervisor Support
• KVM
• XenServer
• Xen
Cloud
Plaiorm
• VMware
via
vCenter
• Bare
Metal
via
IPMI

11. CloudStack Terminology
• Zone:
Availability
zone,
aka
Regions.
Could
be
worldwide.
Different
data
centers
• Pods:
Racks
or
aisles
in
a
data
center
• Clusters:
Group
of
machines
with
a
common
type
of
Hypervisor
• Host:
A
Single
server
• Primary
Storage:
Shared
storage
across
a
cluster
• Secondary
Storage:
Shared
storage
in
a
single
Zone

12. CloudStack Architecture
Internet
Ø Hypervisor
is
the
basic
unit
of
CloudStack
Management
scale.
Server
Zone
1
Ø Cluster
consists
of
one
ore
more
hosts
of
same
hypervisor
L3 core
Ø All
hosts
in
cluster
have
access
to
shared
(primary)
storage
Pod
1
Access Layer Pod
N
Secondary
Ø Pod
is
one
or
more
clusters,
….
Storage
usually
with
L2
switches.
Cluster
N
Ø Availability
Zone
has
one
or
more
pods,
has
access
to
….
secondary
storage.
Ø One
or
more
zones
represent
Cluster
1
cloud
Host 1
Primary
Storage
Host 2

13. CloudStack Storage
• Primary
Storage:
– Anything
that
can
be
mounted
on
the
node
of
a
cluster.
– Cluster
LVM…iSCSI…
– Holds
disk
images
of
running
VMs
– Support
for
CEPH
with
KVM
hypervisors
• Secondary
Storage:
– Available
across
the
zone
– Holds
snapshots
and
templates
(image
repo)
– Can
use
OpenStack
swim
or
any
object
store
(Gluster
FS…)
– New
support
for
Caringo
• Can
use
NFS
for
both
to
start
• Storage
abstracMon
refactoring
underway
in
4.1.0
and
4.2.0

14. Networking
• Extremely
flexible
to:
– Provide
isolaMon
with
VLANs
– Provide
isolaMon
at
L3
with
shared
L2
(scalability)
– Support
hardware
devices
that
exposes
API
– Deployed
on
exisMng
networking
infrastructure
– Support
new
networking
paradigm
(SDN)
• Support
for
Nicira
Virtual
P
• Extensive
use
of
Open
VSwitch

15. Management Server
• UI/API
bits
are
stateless
(state
is
stored
in
a
MySQL
database)
• All
UI
funcMonality
is
available
as
an
API
call
• Resiul
API
– UnauthenMcated
API
on
8096
for
localhost
(disabled
by
default)
– AuthenMcated
on
port
8080
– Responses
in
XML
or
JSON

16. Highly Scalable
• Up
to
10K
resources
managed
per
management
server
node
• Internal
tesMng
w/somware
simulators
shows
up
to
30K
physical
resources
and
30K
VMs
managed
by
4
management
server
nodes.
• Real
producMon
deployments
of
tens
of
thousands
of
resources
•
See
Alex
Huang’s
presentaMon:
h?p://is.gd/alexh_scale

17. CloudStack Allocation
• How
are
VMs
placed,
storage
allocated,
etc.?
• CloudStack
has
several
defaults
– First
fit
– Fill
first
– Disperse
• Don’t
like
those?
Create
your
own!
• Allows
over-­‐provsioning
• OS
Preference

18. High Availability
• RFMTTR
–
“really
fast
mean
Mme
to
recovery.”
• CloudStack
is
not
(alone)
a
magical
HA
soluMon.
• Watches
HA-­‐enabled
VMs
to
ensure
they’re
up,
and
that
the
hypervisor
it’s
on
is
up.
Will
restart
on
another
if
the
hypervisor
goes
down.
• Redundant
router.

19. Load Balancing
• Uses
HA
Proxy
• CloudStack
supports
load-­‐balancing
for
distribuMng
traffic
to
its
instances
• Choose
between
round-­‐robin,
source,
or
least
connecMons
• Choose
sMckiness
policy
(source,
lbcookie,
appcookie)

20. Snapshots
• CloudStack
allows
you
to
take
snapshots
manually
or
set
up
recurring
snapshots.
• Snapshots
can
be
managed
automagically
(keep
N
number)
and
manually
(delete
snapshot
manually).
• Can
be
turned
into
templates
or
volumes
to
be
used
by
other
instances.

21. CloudStack Networking
• CloudStack
manages
– DHCP
– VLAN
allocaMon
– Firewall
– NAT/Port
forwarding
– RouMng
– VPN
– Load
Balancing
• CloudStack
can
manage
physical
network
hardware
(F5-­‐Big
IP,
NetScaler,
Juniper
SRX)

22. CloudStack Networking Types
• CloudStack
offers
Basic
and
Advanced
Networking
– Basic:
Easy,
can
only
be
one
physical
network
• Every
host,
system
VM,
and
guest
instance
has
a
unique
IP
– Advanced:
Allows
mulMple
physical
networks
• Each
account
has
a
public
IP,
assigned
to
virtual
router,
guest
IP
range
(e.g.
10.0.1.10/24),
and
VLAN
ID
for
the
isolated
guest
network
• Guests
communicate
via
their
own
dedicated
VLAN

23. CloudStack Networks
• Management
Network:
Used
by
hypervisors
and
management
server
to
communicate
• Private
Network:
Default
network
for
system
VMs
(virtual
router,
secondary
storage
VM,
console
proxy
VM)
• Public
Network:
Public-­‐facing
(e.g.
the
Internet)
• Guest
Network:
Network
VMs
are
provisioned
on
• Link-­‐local
Network:
Network
used
for
communicaMon
between
hypervisor
and
system
VMs.
(RFC
3927)

24. Security Groups
• TradiMonal
isolaMon
has
been
via
VLAN
• VLANs
provide
isolaMon,
but
at
the
cost
of
scaling
– Standard
limit
is
4,096
VLANs
– Hardware
that
supports
upper
limit
is
expensive
– What
happens
with
4,097?
• Amazon
and
others
use
Layer
3
isolaMon
(Security
Groups)

25. Security Groups
• Assumes
a
quasi-­‐trusted
Layer
2
network
• Filtering/isolaMon
happens
at
the
bridge
level
(think
ebtables)
• Deny
by
default

26. Accounts, Domains, and
Projects
• CloudStack
has
a
top-­‐level
domain
called
ROOT
• You
can
create
sub-­‐domains
• You
can
create
3
types
of
accounts,
admins,
domain-­‐admins,
or
users
• Projects
can
be
used
to
hold
resources
for
Mme-­‐
limited
projects
• Supports
LDAP
integraMon
• CloudStack’s
account
system
is
very
simple
–
don’t
make
it
more
complicated!

27. Usage Accounting
• Provides
stats
that
can
be
used
for
billing
(but
is
not
a
billing
soluMon)
• Usage
stats
show:
VM
count,
CPU
usage,
disk
allocaMon
and
use,
network
usage
over
Mme.
• IntegraMon
howtos
for
imporMng
to
Excel,
Ubersmith,
Amysta,
and
Cloud
Portal.

28. APIs
• Root
Admin,
Domain
Admin,
User
• Set
of
methods
available
over
HTTP(S)
• AuthenMcated
on
8080
w/Keys
• UnauthenMcated
on
8096
(off
by
default)
• Python
+
Ruby
clients
available

30. AWS EC2 and S3 Compatibility
• Includes
an
EC2/S3
compaMbility
layer
• See:
– h?p://wiki.cloudstack.org/display/RelOps/
EC2+API+support+in+CloudStack
– h?p://www.slideshare.net/sebasMengoasguen/
cloudstack-­‐ec2-­‐configuraMon
• Euca
Tools,
Boto,
etc.
should
work
with
CloudStack

31. CloudMonkey
• New
ASF
CloudStack
CLI
• Python
code,
built
using
Marvin
• h?ps://cwiki.apache.org/CLOUDSTACK/
cloudstack-­‐cloudmonkey-­‐cli.html
• Available
from
CloudStack
source
or
pypi:
– h?p://pypi.python.org/pypi/cloudmonkey/

32. Use Cases
• Private
Cloud
• Dual-­‐Workload
Private
Cloud
• Public
Cloud
(ISP/Providers)
• Hybrid
Cloud
• Small
to
Very,
Very
Large

33. Zynga
• Online
Games
• Hybrid
Cloud
(Move
workloads
between
“zCloud”
and
public
cloud)
80/20
split
• North
of
30K
Nodes

34. Datapipe
• Public
Cloud
• Geo-­‐distributed:
– U.S.
(NJ
San
Jose,
CA)
– Hong
Kong
– Shanghai
– London
– Iceland
(w/in
90
days)
• Smaller
(
100
Hosts)
but
massively
distributed
• See:
h?p://is.gd/datapipe_cs

35. ISWest
• Hosted
IaaS
Clouds
(Private
Environment)
from
Dedicated
Servers
• Most
Customers
are
Small
(
15
VMs)
• Mix
of
Hypervisors
• FuncMoning
Cloud
in
“a
li?le
over
a
month.”

36. Trying CloudStack

37. DevCloud
• DevCloud
is
a
VirtualBox
image
w/nested
virt.
• Grab
the
DevCloud
image
from:
h?p://wiki.cloudstack.org/display/COMM/DevCloud
• Log
in
via
the
GUI:
h?p://localhost:8080/client
• SSH
to
DevCloud:
ssh -p 2222 root@localhost
Username:
admin
Password:
password
• DevCloud
KVM
–
effort
to
run
DevCloud
on
a
KVM
host

38. CloudStack Runbook
• Minimal
install
(1
server)
• Wri?en
by
David
Nalley
w/fixes
from
the
community
• h?p://people.apache.org/~ke4qqq/runbook/
• Focuses
on
CentOS
w/KVM
–
other
runbooks
in
process
for
Ubuntu
w/Xen
or
KVM.

39. Direction
• Currently
on
a
Four-­‐Month
Release
Cycle
• 4.1.0
Expected
Early
April,
4.2.0
in
August
• 4.0.2
“Any
Day
Now”
• Releases
Supported
UnMl
Next
Major
Feature
Release
(e.g.,
4.0.0,
4.0.x
unMl
4.1.0)
• Last
Major
Release
Will
Receive
Support
for
12
Months
(hasn’t
happened
yet)

40. Expected in 4.1.0
• AutoScale:
Work
with
loadbalancers
(like
NetScaler)
to
scale
up/down
resources.
• Resize
Volumes
for
Instances
• OpenVSwitch
Support
for
KVM
• API
Request
Thro?ling
• AWS-­‐like
Regions
• Persistent
Networks
without
Running
Instances

41. Get Involved
• Main
Site:
CloudStack.org
• IRC:
#cloudstack
and
#cloudstack-­‐dev
• Follow
@cloudstack
on
Twi?er
• Lots
of
Presos:
h?p://slideshare.net/cloudstack
• Mailing
Lists:
h?p://cloudstack.org/discuss/mailing-­‐
lists.html

42. Contact Me
Email:
jzb@apache.org
Phone:
+1
314-­‐669-­‐4JZB
(4592)
Blog:
h?p://dissociatedpress.net/
Twi?er: