CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide. Revised October 27, 2013 10:50 pm Pacific. Author: Citrix CloudPlatform. © 2013 Citrix Systems, Inc.
Contents (excerpt)
1. Getting More Information and Help ... 1
1.1. Additional Documentation Available ... 1
1.2. Citrix Knowledge Center ...
7. Using Projects to Organize Users and Resources ... 35
7.1. Overview of Projects ...
10.4.1. Individual ... 74
10.4.2. Support Matrix for an Isolated Network (Combination) ...
12.7. Using Cisco UCS as Bare Metal Host ... 105
12.7.1. Registering a UCS Manager ...
14.4.8. Volume Deletion and Garbage Collection ... 138
14.5. Working with Snapshots ...
16.15.2. Limitations ... 178
16.15.3. Best Practices ...
17. Working with System Virtual Machines ... 229
17.1. The System VM Template ... 229
17.2. Multiple System VM Support for VMware ...
22.3. Log Collection Utility cloud-bugtool ... 255
22.3.1. Using cloud-bugtool ...
Chapter 1. 1 Getting More Information and Help 1.1. Additional Documentation Available The following guides are available: • Installation Guide — Covers initial installation of CloudPlatform. It aims to cover in full detail all the steps and requirements to obtain a functioning cloud deployment.
Chapter 2. 3 Concepts 2.1. What Is CloudPlatform? CloudPlatform is a software platform that pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds. CloudPlatform manages the network, storage, and compute nodes that make up a cloud infrastructure.
Chapter 2. Concepts 4 Massively Scalable Infrastructure Management CloudPlatform can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers.
Management Server Overview 5 A more full-featured installation consists of a highly-available multi-node Management Server installation and up to thousands of hosts using any of several advanced networking setups. For information about deployment options, see Choosing a Deployment Architecture in the Installation Guide.
Chapter 2. Concepts 6 • Zone: Typically, a zone is equivalent to a single datacenter. A zone consists of one or more pods and secondary storage. • Pod: A pod is usually one rack of hardware that includes a layer-2 switch and one or more clusters. • Cluster: A cluster consists of one or more hosts and primary storage.
Networking Overview 7 • Basic. Provides a single network where guest isolation can be provided through layer-3 means such as security groups (IP address source filtering). • Advanced. For more sophisticated network topologies. This network model provides the most flexibility in defining guest networks and providing guest isolation.
Chapter 3. 9 Cloud Infrastructure Concepts 3.1. About Regions To increase reliability of the cloud, you can optionally group resources into multiple geographic regions. A region is the largest available organizational unit within a CloudPlatform deployment.
Chapter 3. Cloud Infrastructure Concepts 10 The benefit of organizing infrastructure into zones is to provide physical isolation and redundancy. For example, each zone can have its own power supply and network uplink, and the zones can be widely separated geographically (though this is not required).
About Pods 11 For each zone, the administrator must decide the following. • How many pods to place in a zone. • How many clusters to place in each pod.
Chapter 3. Cloud Infrastructure Concepts 12 3.4. About Clusters A cluster provides a way to group hosts. To be precise, a cluster is a XenServer server pool, a set of KVM servers, a set of OVM hosts, or a VMware cluster preconfigured in vCenter.
About Hosts 13 server with CloudPlatform. There may be multiple vCenter servers per zone. Each vCenter server may manage multiple VMware clusters. 3.5. About Hosts A host is a single computer. Hosts provide the computing resources that run guest virtual machines.
Chapter 3. Cloud Infrastructure Concepts 14 • Dell EqualLogic™ for iSCSI • Network Appliances filers for NFS and iSCSI • Scale Computing for NFS If you intend to use only local disk for your installation, you can skip adding separate primary storage.
Basic Zone Network Traffic Types 15 type for each network vary depending on whether you are creating a zone with basic networking or advanced networking. A physical network is the actual network hardware and wiring in a zone. A zone can have multiple physical networks.
Chapter 3. Cloud Infrastructure Concepts 16 you must also configure a network to carry public traffic. CloudPlatform takes care of presenting the necessary network configuration steps to you in the UI when you add a new zone.
Advanced Zone Public IP Addresses 17 3.8.5. Advanced Zone Public IP Addresses When advanced networking is used, the administrator can create additional networks for use by the guests.
Chapter 4. 19 Accounts 4.1. Accounts, Users, and Domains Accounts An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account. Domains Accounts are grouped by domains.
Chapter 4. Accounts 20 4.1.1. Dedicating Resources to Accounts and Domains The root administrator can dedicate resources to a specific domain or account that needs private infrastructure for additional security or performance guarantees. A zone, pod, cluster, or host can be reserved by the root administrator for a specific domain or account.
Using an LDAP Server for User Authentication 21 If you delete an account or domain, any hosts, clusters, pods, and zones that were dedicated to it are freed up. They will now be available to be shared by any account or domain, or the administrator may choose to re-dedicate them to a different account or domain.
Chapter 4. Accounts 22 5. Specify the following: • Bind DN: The full distinguished name (DN), including common name (CN), of an LDAP user account that has the necessary privileges to search users. For example: cn=admin,cn=users,dc=mycom,dc=com This user account must have at least domain user privileges.
Example LDAP Configuration Commands 23 6. Click OK. 4.2.1.2. Removing an LDAP Configuration 1. Log in to the CloudPlatform. 2. From the left navigational bar, click Global Settings. 3. From the Select view drop down, select LDAP Configuration. 4. In the Quick View, click Remove LDAP.
Chapter 4. Accounts 24 depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation.
Search User Bind DN 25 (&(sAMAccountName=%u)) or (&(mail=%e)) 4.2.5. Search User Bind DN The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudPlatform user with an LDAP bind.
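The query filters above substitute the login name for %u (or the e-mail address for %e) before the search is run under the bind DN. Whatever component performs that substitution has to escape the value, otherwise a login name containing filter metacharacters can change which entries the search matches. The following is an added example, not code from the CloudPlatform guide or the product; it applies RFC 4515 escaping to guide-style filter templates and checks that the finished filter keeps the template's structure. All function names are hypothetical and nothing here contacts a directory server.

```python
# Added example, not code from the CloudPlatform guide. It models the two
# placeholders the guide's LDAP query filters use, %u (username) and
# %e (e-mail), and escapes the substituted value per RFC 4515 so that the
# value cannot alter the filter's structure. Function names are hypothetical.

# RFC 4515 section 3: these characters have meaning inside a filter and
# must appear as backslash-hex escapes when they are part of a value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally by the server."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(template: str, username: str = "", email: str = "") -> str:
    """Substitute %u and %e in a guide-style template with escaped values.

    A percent sign not followed by 'u' or 'e' is copied through unchanged.
    """
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        nxt = template[i + 1] if i + 1 < len(template) else ""
        if ch == "%" and nxt == "u":
            out.append(escape_filter_value(username))
            i += 2
        elif ch == "%" and nxt == "e":
            out.append(escape_filter_value(email))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def filter_structure_ok(filter_str: str, expected_groups: int) -> bool:
    """Check that the finished filter has exactly as many literal parentheses
    as the template had. Escaped parentheses are hex sequences, so a value
    that tried to add assertions of its own does not pass this check."""
    return (filter_str.count("(") == expected_groups
            and filter_str.count(")") == expected_groups)


if __name__ == "__main__":
    template = "(&(sAMAccountName=%u))"  # Active Directory style filter from the guide
    print(build_search_filter(template, username="jdoe"))
    # Constructed login name containing filter metacharacters; once escaped it is
    # just a literal value that matches no account.
    print(build_search_filter(template, username="*)(objectClass=*"))
```

The bind itself would then be done with the DN the search returned and the password the user supplied, as the guide describes; the escaping only concerns the search step, which is the point at which untrusted input enters the filter.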
Chapter 5. 27 User Services Overview In addition to the physical and logical infrastructure of your cloud, and the CloudPlatform software and servers, you also need a layer of user services so that people can actually make use of the cloud.
Chapter 6. 29 User Interface 6.1. Supported Browsers The CloudPlatform web-based UI is available in the following popular browsers: • Mozilla Firefox 22 or greater • Apple Safari, all versions packaged with Mac OS X 10.
Chapter 6. User Interface 30 6.2.2. Root Administrator's UI Overview The CloudPlatform UI helps the CloudPlatform administrator provision, view, and manage the cloud infrastructure, domains, user accounts, projects, and configuration settings.
Changing the Root Password 31 Warning You are logging in as the root administrator. This account manages the CloudPlatform deployment, including physical infrastructure.
Chapter 6. User Interface 32 For more information on creating a new instance, see Section 11.4, “Creating VMs” . 2. Download the script file cloud-set-guest-sshkey from the following link: http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-sshkey.
Creating an Instance 33 2. Copy the key data into a file. The file looks like this: -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQdrMAWNQZ7y5SrEu4wDxplvhYci dXYBeZVwakDVsU2MLGl.
Chapter 7. 35 Using Projects to Organize Users and Resources 7.1. Overview of Projects Projects are used to organize people and resources. CloudPlatform users within a single domain can group themselves into project teams so they can collaborate and share virtual resources such as VMs, snapshots, templates, data disks, and IP addresses.
Chapter 7. Using Projects to Organize Users and Resources 36 1. Log in as administrator to the CloudPlatform UI. 2. In the left navigation, click Global Settings. 3. In the search box, type project and click the search button. 4. In the search results, you can see a few other parameters you need to set to control how invitations behave.
Creating a New Project 37 3. In the search box, type allow.user.create.projects. 4. Click the edit button to set the parameter. allow.user.create.projects Set to true to allow end users to create projects. Set to false if you want only the CloudPlatform root administrator and domain administrators to create projects.
Chapter 7. Using Projects to Organize Users and Resources 38 5. Click the Invitations tab. 6. In Add by, select one of the following: a. Account – The invitation will appear in the user’s Invitations tab in the Project View. See Using the Project View.
Suspending or Deleting a Project 39 7.6. Suspending or Deleting a Project When a project is suspended, it retains the resources it owns, but they can no longer be used. No new resources or members can be added to a suspended project. When a project is deleted, its resources are destroyed, and member accounts are removed from the project.
Chapter 8. 41 Steps to Provisioning Your Cloud Infrastructure This section tells how to add regions, zones, pods, clusters, hosts, storage, and networks to your cloud. If you are unfamiliar with these entities, please begin by looking through Chapter 3, Cloud Infrastructure Concepts .
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 42 8.2. Adding Regions (optional) Grouping your cloud resources into geographic regions is an optional step when provisioning the cloud. For an overview of regions, see Section 3.1, “About Regions” .
Adding Third and Subsequent Regions 43 3. Now add the new region to region 1 in CloudPlatform. a. Log in to CloudPlatform in the first region as root administrator (that is, log in to <region.1.IP.address>:8080/client). b. In the left navigation bar, click Regions.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 44 2. Once the Management Server is running, add your new region to all existing regions by repeatedly using the Add Region button in the UI. For example, if you were adding region 3: a. Log in to CloudPlatform in the first region as root administrator (that is, log in to <region.
Adding a Zone 45 2. In the left navigation bar, click Regions. 3. Click the name of the region you want to delete. 4. Click the Remove Region button. 5. Repeat these steps for <region.2.IP.address>:8080/client. 8.3. Adding a Zone Adding a zone consists of three phases: • Create a mount point for secondary storage on the Management Server.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 46 This process will require approximately 5 GB of free space on the local file system and up to 30 minutes each time it runs. • For XenServer: # /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://download.
Steps to Add a New Zone 47 For more information about the network types, see Network Setup. 7. The rest of the steps differ depending on whether you chose Basic or Advanced. Continue with the steps that apply to you: • Section 8.3.3.1, “Basic Zone Configuration” • Section 8.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 48 The traffic types are management, public, guest, and storage traffic. For more information about the types, roll over the icons to display their tool tips, or see Basic Zone Network Traffic Types.
Steps to Add a New Zone 49 • Pod Name. A name for the pod. • Reserved system gateway. The gateway for the hosts in that pod. • Reserved system netmask. The network prefix that defines the pod's subnet. Use CIDR notation. • Start/End Reserved System IP.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 50 • KVM vSphere Installation and Configuration • Oracle VM (OVM) Installation and Configuration To configure the first host, enter the following, then click Next: • Host Name. The DNS name or IP address of the host.
Steps to Add a New Zone 51 • Public. A public zone is available to all users. A zone that is not public will be assigned to a particular domain. Only users in that domain will be allowed to create guest VMs in this zone. 2. Choose which traffic types will be carried by the physical network.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 52 4. Click Next. 5. Configure the IP range for public Internet traffic. Enter the following details, then click Add. If desired, you can repeat this step to add more public Internet IP ranges.
Steps to Add a New Zone 53 • Start/End Reserved System IP. The IP range in the management network that CloudPlatform uses to manage various system VMs, such as Secondary Storage VMs, Console Proxy VMs, and DHCP. For more information, see Section 3.8.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 54 more information, see HA-Enabled Virtual Machines as well as HA for Hosts, both in the Administration Guide. 10. In a new cluster, CloudPlatform adds the first primary storage server for you.
Adding a Pod 55 SharedMountPoint • Path. The path on each host that is where this primary storage is mounted. For example, "/mnt/primary". • Tags (optional). The comma-separated list of tags for this storage device. It should be an equivalent set or superset of the tags on your disk offerings.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 56 5. Enter the following details in the dialog. • Name. The name of the pod. • Gateway. The gateway for the hosts in that pod. • Netmask. The network prefix that defines the pod's subnet.
Add Cluster: vSphere 57 3. Click the Compute tab. In the Pods node, click View All. Select the same pod you used in step 1. 4. Click View Clusters, then click Add Cluster. The Add Cluster dialog is displayed. 5. In Hypervisor, choose OVM. 6. In Cluster, enter a name for the cluster.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 58 2. Log in to the UI. 3. In the left navigation, choose Infrastructure. In Zones, click View More, then click the zone in which you want to add the cluster. 4. Click the Compute tab, and click View All on Pods.
Add Cluster: vSphere 59 If you have enabled Nexus dvSwitch in the environment, the following parameters for dvSwitch configuration are displayed: • Nexus dvSwitch IP Address: The IP address of the Nexus VSM appliance. • Nexus dvSwitch Username: The username required to access the Nexus VSM appliance.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 60 8.6. Adding a Host 1. Before adding a host to the CloudPlatform configuration, you must first install your chosen hypervisor on the host. CloudPlatform can manage hosts running VMs under a variety of hypervisors.
Adding a Host (XenServer, KVM, or OVM) 61 For all additional hosts to be added to the cluster, run the following command. This will cause the host to join the master in a XenServer pool.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 62 7. Click Add Host. 8. Provide the following information. • Host Name. The DNS name or IP address of the host. • Username. Usually root. • Password. This is the password for the user named above (from your XenServer, KVM, or OVM install).
Adding Secondary Storage 63 • Pod. (Visible only if you choose Cluster in the Scope field.) The pod for the storage device. • Cluster. (Visible only if you choose Cluster in the Scope field.) The cluster for the storage device. • Name. The name of the storage device. • Protocol.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 64 3. Log in to the CloudPlatform UI as root administrator. 4. In the left navigation bar, click Infrastructure. 5. In Secondary Storage, click View All. 6. Click Add Secondary Storage. 7. Fill in the following fields: • Name.
Initialize and Test 65 5. In Secondary Storage, click View All. 6. In Select View, choose Secondary Staging Store. 7. Click the Add NFS Secondary Staging Store button. 8. Fill out the dialog box fields, then click OK: • Zone. The zone where the NFS Secondary Staging Store is to be located.
Chapter 8. Steps to Provisioning Your Cloud Infrastructure 66 If you decide to grow your deployment, you can add more hosts, primary storage, zones, pods, and clusters.
Chapter 9. 67 Service Offerings In this chapter we discuss compute, disk, and system service offerings. Network offerings are discussed in the section on setting up networking for users. 9.1. Compute and Disk Service Offerings A service offering is a set of virtual hardware features such as CPU core count and speed, memory, and disk size.
Chapter 9. Service Offerings 68 • Storage type : The type of disk that should be allocated. Local allocates from storage attached directly to the host where the system VM is running.
Modifying or Deleting a Service Offering 69 • Disk Size. Appears only if Custom Disk Size is not selected. Define the volume size in GB. • QoS Type. Three options: Empty (no Quality of Service), hypervisor (rate limiting enforced on the hypervisor side), and storage (guaranteed minimum and maximum IOPS enforced on the storage side).
Chapter 9. Service Offerings 70 5. In the dialog, make the following choices: • Name. Any desired name for the system offering. • Description. A short description of the offering that can be displayed to users. • System VM Type. Select the type of system virtual machine that this offering is intended to support.
Changing the Secondary Storage VM Service Offering on a Guest Network 71 6. Click the Change Service button. 7. Select the offering you want. The Change service dialog box is displayed.
Chapter 10. 73 Setting Up Networking for Users 10.1. Overview of Setting Up Networking for Users People using cloud infrastructure have a variety of needs and preferences when it comes to the networking services provided by the cloud.
Chapter 10. Setting Up Networking for Users 74 • Source NAT per zone is not supported when the service provider is virtual router. However, Source NAT per account is supported with virtual router in a Shared Network. For information, see Section 16.
Support Matrix for an Isolated Network (Combination) 75

Service            Virtual Router   VPC Virtual Router   BigIP F5   Juniper SRX   Citrix NetScaler
Port Forwarding    Y                Y                    N          Y             N
Load Balancing     Y                Y                    Y          N             Y
Remote VPN         Y                N                    N          Y             N
Network ACL        N                Y                    N          N             N
Usage Monitoring   Y                Y                    Y          Y             Y
Security Group     N                N                    N          N             N
Firewall           Y                N                    N          Y             N

10.
Chapter 10. Setting Up Networking for Users 76 NW Devices DHCP DNS User Data Source NAT Static NAT Port Forwarding Load Balancing Remote VPN Network ACL Usage Monitoring Security Group Firewall by Side LB - No SRX and F5 Inline VR VR VR SRX SRX SRX F5 SRX SRX Y N Static NAT / PF - Yes LB - Yes 10.
Support Matrix for Basic Zone 77 10.4.4. Support Matrix for Basic Zone Y = Supported N = Not Supported NW Devices DHCP DNS User Data Source NAT Static NAT Port Forwarding Load Balancing Remote VPN Net.
Chapter 10. Setting Up Networking for Users 78 a web server farm and require a scalable firewall solution, load balancing solution, and alternate networks for accessing the database backend.
Creating a New Network Offering 79 • Supported Services . Select one or more of the possible network services. For some services, you must also choose the service provider; for example, if you select Load Balancer, you can choose the CloudPlatform virtual router or any other load balancers that have been configured in the cloud.
Chapter 10. Setting Up Networking for Users 80 Supported Services Description Isolated Shared been configured in the cloud. VPN For more information, see Section 16.24, “Remote Access VPN” . Supported Supported User Data For more information, see Section 20.
Changing the Network Offering on a Guest Network 81 Side by Side : In side by side mode, a firewall device is deployed in parallel with the load balancer device. So the traffic to the load balancer public IP is not routed through the firewall, and therefore, is exposed to the public network.
Chapter 10. Setting Up Networking for Users 82 2. If you are changing from a network offering that uses the CloudPlatform virtual router to one that uses external devices as network service providers, you must first stop all the VMs on the network. See Section 11.
Creating and Changing a Virtual Router Network Offering 83 • System Offering . Choose the system service offering that you want virtual routers to use in this network. In this case, the default “System Offering For Software Router” and the custom “VRsystemofferingHA” are available and displayed.
Chapter 11. 85 Working With Virtual Machines 11.1. About Working with Virtual Machines CloudPlatform provides administrators with complete control over the life cycle of all guest VMs executing in the cloud. CloudPlatform provides several guest management operations for end users and administrators.
Chapter 11. Working With Virtual Machines 86 11.2.1. Monitor VMs for Max Capacity The CloudPlatform administrator should monitor the total number of VM instances in each cluster, and disable allocation to the cluster if the total is approaching the maximum that the hypervisor can handle.
Creating VMs 87 Once a virtual machine is destroyed, it cannot be recovered. All the resources used by the virtual machine will be reclaimed by the system. This includes the virtual machine’s IP address. A stop will attempt to gracefully shut down the operating system, which typically involves terminating all the running applications.
Chapter 11. Working With Virtual Machines 88 2. In the left navigation bar, click Instances. 3. Click Add Instance. 4. Select a zone. 5. Select a template, then follow the steps in the wizard. For more information about how the templates came to be in this list, see Chapter 13, Working with Templates .
Accessing VMs 89 virtual machine. A linked clone is also a copy of an existing virtual machine, but it has ongoing dependency on the original. A linked clone shares the virtual disk of the original VM, and retains access to all files that were present at the time the clone was created.
Chapter 11. Working With Virtual Machines 90 The default format of the internal name is i-<user_id>-<vm_id>-<instance.name>, where instance.
Affinity Groups 91 • Host tags. The administrator can assign tags to hosts. These tags can be used to specify which host a VM should use. The CloudPlatform administrator decides whether to define host tags, then create a service offering using those tags and offer it to the user.
Chapter 11. Working With Virtual Machines 92 5. Click the Change Affinity button. View Members of an Affinity Group To see which VMs are currently assigned to a particular affinity group: 1. In the left navigation bar, click Affinity Groups. 2. Click the name of the group you are interested in.
Limitations on VM Snapshots 93 11.9.1. Limitations on VM Snapshots • If a VM has some stored snapshots, you can't attach a new volume to the VM or delete any existing volumes. If you change the volumes on the VM, it would become impossible to restore the VM snapshot which was created with the previous volume structure.
Chapter 11. Working With Virtual Machines 94 Note If a snapshot is already in progress, then clicking this button will have no effect. 5. Provide a name and description. These will be displayed in the VM Snapshots list. 6. (For running VMs only) If you want to include the VM's memory in the snapshot, click the Memory checkbox.
Changing the Service Offering for a VM 95 6. Make the desired changes to the following: • Display name : Enter a new display name if you want to change the name of the VM. • OS Type : Select the desired operating system. • Group : Enter the group name for the VM.
Chapter 11. Working With Virtual Machines 96 with previous versions will not have the dynamic scaling capability unless you update them using the following procedure.
Resetting the Virtual Machine Root Volume on Reboot 97 • When scaling memory or CPU for a Linux VM on VMware, you might need to run scripts in addition to the other steps mentioned above. For more information, see Hot adding memory in Linux (1012764) 2 in the VMware Knowledge Base.
Chapter 11. Working With Virtual Machines 98 Note If the VM's storage has to be migrated along with the VM, this will be noted in the host list. CloudPlatform will take care of the storage migration for you. 6. Click OK. 11.14. Deleting VMs Users can delete their own virtual machines.
Adding an ISO 99 contains an OS image. CloudPlatform allows a user to boot a guest VM off of an ISO image. Users can also attach ISO images to guest VMs. For example, this enables installing PV drivers into Windows. ISO images are not hypervisor-specific.
Chapter 11. Working With Virtual Machines 100 Note It is not recommended to choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will usually not work. In these cases, choose Other.
Changing a VM's Base Image 101 type of image). When this call occurs, the VM's root disk is first destroyed, then a new root disk is created from the source designated in the template ID parameter. The new root disk is attached to the VM, and now the VM is based on the new template.
Chapter 12. 103 Working With Hosts 12.1. Adding Hosts Additional hosts can be added at any time to provide more capacity for guest VMs. For requirements and instructions, see Section 8.6, “Adding a Host” . 12.2. Scheduled Maintenance and Maintenance Mode for Hosts You can place a host into maintenance mode.
Chapter 12. Working With Hosts 104 1. In the Resources pane, select the server, then do one of the following: • Right-click, then click Enter Maintenance Mode on the shortcut menu. • On the Server menu, click Enter Maintenance Mode. 2. Click Enter Maintenance Mode.
Removing XenServer and KVM Hosts 105 12.4.1. Removing XenServer and KVM Hosts A node cannot be removed from a cluster until it has been placed in maintenance mode. This will ensure that all of the VMs on it have been migrated to other Hosts. To remove a Host from the cloud: 1.
Chapter 12. Working With Hosts 106 orchestrate. CloudPlatform can automatically understand the UCS environment, server profiles, etc. so CloudPlatform administrators can deploy a bare metal OS on a Cisco UCS. An overview of the steps involved in using UCS with CloudPlatform: 1.
Disassociating a Profile from a UCS Blade 107 6. Click the name of the UCS Manager. A list is displayed that shows the names of the blades that are installed under the selected manager. 7. In the Actions column, click the Associate Profile icon. 8. In the dialog, select the name of the profile you want to associate with this blade, then click OK.
Chapter 12. Working With Hosts 108
mysql> select id from cloud.host where name like '%h%';
4. This should return a single ID. Record the set of such IDs for these hosts. 5. Update the passwords for the host in the database. In this example, we change the passwords for hosts with IDs 5, 10, and 12 to "password".
Limitations on Over-Provisioning in XenServer and KVM 109 12.9.1. Limitations on Over-Provisioning in XenServer and KVM • In XenServer, due to a constraint of this hypervisor, you cannot use an over-provisioning factor greater than 4. • The KVM hypervisor cannot manage memory allocation to VMs dynamically.
Chapter 12. Working With Hosts 110 done, CloudPlatform recalculates or scales the used and reserved capacities based on the new over-provisioning ratios, to ensure that CloudPlatform is correctly tracking the amount of free capacity.
VLAN Allocation Example 111 CloudPlatform manages VLANs differently based on hypervisor type. For XenServer or KVM, the VLANs are created on only the hosts where they will be used and then they are destroyed when all guests that require them have been terminated or moved to another host.
Chapter 12. Working With Hosts 112 5. Click Physical Network. 6. In the Guest node of the diagram, click Configure. 7. Click Edit. The VLAN Ranges field is now editable. 8. Enter the start and end of the VLAN range. If you have multiple ranges, separate them by a comma.
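The VLAN Ranges field accepts one or more start-end ranges separated by commas, and the VLANs in them are created on hosts as guests need them. The following is an added example, not code from the CloudPlatform guide or the product: it parses text in that form and rejects input that cannot be a valid guest VLAN range (IDs outside the 802.1Q range 1-4094, reversed bounds, or ranges that overlap each other), which is the kind of check worth running before a range is committed to a physical network. Function names are hypothetical.

```python
# Added example, not from the CloudPlatform guide. Parses the comma-separated
# "start-end" text the guide's VLAN Ranges field takes and validates it.
# Function names are hypothetical.

VLAN_MIN, VLAN_MAX = 1, 4094  # usable IEEE 802.1Q VLAN IDs


def parse_vlan_ranges(text: str) -> list:
    """Parse text such as "100-199,300-350" into a sorted list of
    (start, end) tuples. A bare number denotes a single VLAN.
    Raises ValueError on malformed, out-of-range or overlapping input."""
    ranges = []
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        start_text, sep, end_text = part.partition("-")
        start = int(start_text)
        end = int(end_text) if sep else start
        if not (VLAN_MIN <= start <= end <= VLAN_MAX):
            raise ValueError(f"invalid VLAN range {part!r}")
        ranges.append((start, end))
    ranges.sort()
    # After sorting, any overlap shows up between neighbouring ranges.
    for (a_start, a_end), (b_start, b_end) in zip(ranges, ranges[1:]):
        if b_start <= a_end:
            raise ValueError(
                f"overlapping VLAN ranges {a_start}-{a_end} and {b_start}-{b_end}")
    return ranges


def vlan_in_ranges(ranges, vlan: int) -> bool:
    """True if the VLAN ID falls inside one of the parsed ranges."""
    return any(start <= vlan <= end for start, end in ranges)


def total_vlans(ranges) -> int:
    """Number of VLAN IDs the ranges make available for guest networks."""
    return sum(end - start + 1 for start, end in ranges)


if __name__ == "__main__":
    # Constructed sample input in the form the VLAN Ranges field expects.
    parsed = parse_vlan_ranges("100-199, 300-350")
    print(parsed, total_vlans(parsed), vlan_in_ranges(parsed, 150))
```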
Chapter 13. Working with Templates
A template is a reusable configuration for virtual machines. When users launch VMs, they can choose from a list of templates in CloudPlatform.
A default template is provided for each of XenServer, KVM, and vSphere. The templates that are downloaded depend on the hypervisor type that is available in your cloud. Each template is approximately 2.5 GB in physical size.
• Name and Display Text. These will be shown in the UI, so choose something descriptive.
• OS Type. This helps CloudPlatform and the hypervisor perform certain operations and make assumptions that improve the performance of the guest.
Templates are uploaded based on a URL. HTTP is the supported access protocol. Templates are frequently large files. You can optionally gzip them to decrease upload times. To upload a template:
1. In the left navigation bar, click Templates.
13.9. Exporting Templates
End users and administrators may export templates from CloudPlatform. Navigate to the template in the UI and choose the Download function from the Actions menu.
13.10. Creating a Windows Template
Windows templates must be prepared with Sysprep before they can be provisioned on multiple machines.
1. Download and install the Windows AIK.
Note
Windows AIK should not be installed on the Windows 2008 R2 VM you just created. Windows AIK should not be part of the template you create. It is only used to create the sysprep answer file.
b. You need to automate the Software License Terms Selection page, otherwise known as the End-User License Agreement (EULA). To do this, expand the Microsoft-Windows-Shell-Setup component. Highlight the OOBE setting, and add the setting to the Pass 7 oobeSystem.
c. Make sure the license key is properly set. If you use a MAK key, you can just enter the MAK key on the Windows 2008 R2 VM. You need not input the MAK into the Windows System Image Manager. If you use a KMS host for activation, you need not enter the Product Key.
You may read the AIK documentation and set many more options to suit your deployment. The steps above are the minimum needed to make Windows unattended setup work.
8. Save the answer file as unattend.
a. Select Create New to create a new Answer File.
b. Enter “Sysprep setup” for the Type of Setup.
c. Select the appropriate OS version and edition.
d. On the License Agreement screen, select “Yes fully automate the installation”.
You need to have a XenServer host with a file-based storage repository (either a local ext3 SR or an NFS SR) to convert to a VHD once the image file has been customized on the CentOS/Fedora host.
Note
When copying and pasting a command, be sure the command has pasted as a single line before executing.
# cat etc/fstab
/dev/xvda / ext3 defaults 1 1
/dev/xvdb /mnt ext3 defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
7. Enable login via the console. The default console device in a XenServer system is xvc0.
# scp CentOS_6.2_x64 xenhost:/var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799/
15. Log in to the XenServer and create a VDI the same size as the image.
[root@xenhost ~]# cd /var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# ls -lh CentOS_6.
3. Name the VM, choose the NFS VHD SR under Storage, enable "Run Operating System Fixups" and choose the NFS ISO SR.
4. Click Next, then Finish. A VM should be created.
Option two:
1. Run XenConvert; under From choose VHD, under To choose XenServer.
new password to the virtual router for the account. Thus an instance reboot is necessary to effect any password changes. If the script is unable to contact the virtual router during instance boot, it will not set the password, but boot will continue normally.
Chapter 14. Working With Storage
14.1. Storage Overview
CloudPlatform defines two types of storage: primary and secondary. Primary storage can be accessed by either iSCSI or NFS. Additionally, direct attached storage may be used for primary storage.
| Feature | VMware vSphere | Citrix XenServer | KVM | Oracle VM |
| Fiber Channel support | VMFS | Yes, via Existing SR | Yes, via Shared Mountpoint | No |
| NFS support | Y | Y | Y | Y |
| Local storage support | | | | |
14.2.5. Maintenance Mode for Primary Storage
Primary storage may be placed into maintenance mode. This is useful, for example, to replace faulty RAM in a storage device. Maintenance mode for a storage device first stops any new guests from being provisioned on the storage device.
Then log in to the CloudPlatform UI and stop and start (not reboot) the Secondary Storage VM for that Zone.
14.3.3. Changing Secondary Storage Servers
You can change the secondary storage NFS mount. Perform the following steps to do so:
1.
local data volumes can be attached to virtual machines, detached, re-attached, and deleted just as with the other types of data volume. Local storage is ideal for scenarios where persistence of data volumes and HA is not required.
4. Click Upload Volume.
5. Provide the following:
• Name and Description. Any desired name and a brief description that can be shown in the UI.
• Availability Zone. Choose the zone where you want to store the volume.
14.4.4. Detaching and Moving Volumes
Note
This procedure is different from moving volumes from one storage pool to another, as described in Section 14.4.5, “VM Storage Migration”.
A volume can be detached from a guest VM and attached to another guest.
Note
Because of a limitation in VMware, live migration of storage for a VM is allowed only if the source and target storage pool are accessible to the source host; that is, the host where the VM is running when the live migration operation is requested.
1. Log in to the CloudPlatform UI as a user or admin.
2. In the left navigation bar, click Instances, and click the VM name.
3. (KVM only) Stop the VM.
4. Click the Migrate button and choose the destination from the dropdown list.
4. Select the volume name in the Volumes list, then click the Resize Volume button.
5. In the Resize Volume pop-up, choose the desired characteristics for the storage.
a. If you select Custom Disk, specify a custom size.
CloudPlatform supports snapshots of disk volumes. Snapshots are a point-in-time capture of virtual machine disks. Memory and CPU states are not captured. If you are using the Oracle VM hypervisor, you cannot take snapshots, since OVM does not support them.
When a snapshot is taken manually, a snapshot is always created regardless of whether a volume has been active or not.
14.5.4. Snapshot Restore
There are two paths to restoring snapshots. Users can create a volume from the snapshot.
Chapter 15. Working with Usage
The Usage Server is an optional, separately installed part of CloudPlatform that provides aggregated usage records which you can use to create billing integration for CloudPlatform.
| Parameter Name | Description |
| (continued) | Default: the time zone of the management server. |
| usage.sanity.check.interval | The number of days between sanity checks. Set this in order to periodically search for records with erroneous data before issuing customer invoices. |
• enable.usage.server = true
• usage.execution.timezone = America/New_York
• usage.stats.job.exec.time = 07:00. This will run the Usage job at 2:00 AM EST. Note that this will shift by an hour as the East Coast of the U.
| Parameter Name | Description |
| max.account.primary.storage (GB) | Maximum primary storage space that can be used for an account. Default is 20*10. |
| max.account.secondary.storage (GB) | Maximum secondary storage space that can be used for an account. |
| Parameter Name | Definition |
| max.volume.size.gb | Maximum size for a volume in GB |
| network.throttling.rate | The default data transfer rate in megabits per second allowed in the network. |
| snapshot.max.hourly | Maximum recurring hourly snapshots to be retained for a volume. |
15.2.3. Per-Domain Limits
CloudPlatform allows the configuration of limits on a domain basis. With a domain limit in place, all users still have their account limits. They are additionally limited, as a group, to not exceed the resource limits set on their domain.
Chapter 16. Managing Networks and Traffic
In CloudPlatform, guest VMs can communicate with each other using shared infrastructure with the security and user perception that the guests have a private LAN. The CloudPlatform virtual router is the main component providing networking features for guest traffic.
Servers are connected as follows:
• Storage devices are connected only to the network that carries management traffic.
• Hosts are connected to networks for both management traffic and public traffic.
• Hosts are also connected to one or more networks carrying guest traffic.
A firewall for management traffic operates in NAT mode. The network typically is assigned IP addresses in the 192.168.0.0/16 Class B private address space. Each pod is assigned IP addresses in the 192.
1. In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which you want to add a network.
2. Click the Network tab.
3. Click Add Isolated Guest Network. The Add Isolated Guest Network window is displayed:
4.
16.5.3. Configuring a Shared Guest Network
1. Log in to the CloudPlatform UI as administrator.
2. In the left navigation, choose Infrastructure.
3. On Zones, click View More.
4. Click the zone to which you want to add a guest network.
• Network Domain: A custom DNS suffix at the level of a network. If you want to assign a special domain name to the guest VM network, specify a DNS suffix.
11. Click OK to confirm.
16.6. Using Security Groups to Control Traffic to VMs
16.
16.6.3. Enabling Security Groups
In order for security groups to function in a zone, the security groups feature must first be enabled for the zone. The administrator can do this when creating a new zone, by selecting a network offering that includes security groups.
• Account, Security Group. (Add by Account only) To accept only traffic from another security group, enter the CloudPlatform account and the name of a security group that has already been defined in that account.
An external Juniper SRX or Cisco ASA can be used for:
• Source NAT
• Static NAT
• Firewall
• Port forwarding
A NetScaler or F5 can be used for:
• Load balancing
For details about installing and setting up these external network service providers, see the CloudPlatform Installation Guide.
| NetScaler ADC Type | Description of Capabilities | CloudPlatform Supported Features |
| (continued) | ... act as application firewall and load balancer. | Supported without limitation. In basic zones, static NAT, elastic IP (EIP), and elastic load balancing (ELB) are also provided. |
# sec.name source community
com2sec local localhost public
com2sec mynetwork 0.0.0.0 public
Note
Setting the source to 0.0.0.0 allows all IPs to poll the NetScaler server.
b. Map the security names into group names:
# group.
The following objects are created on the load balancer:
• A new VLAN that matches the account's provisioned Zone VLAN
• A self IP for the VLAN. This is always the second IP of the account's private subnet (e.
6. In the Load Balancing node of the diagram, click View All.
In a Basic zone, you can also create a load balancing rule without acquiring or selecting an IP address. CloudPlatform internally assigns an IP when you create the load balancing rule, which is listed in the IP Addresses page when the rule is created.
VMs automatically and launching new VMs when you need them, without the need for manual intervention. NetScaler AutoScaling is designed to seamlessly launch or terminate VMs based on user-defined conditions.
Configuration
Specify the following:
• Template: A template consists of a base OS image and application. A template is used to provision the new instance of an application on a scaleup action.
Note
If an application, such as SAP, running on a VM instance is down for some reason, the VM is not counted as part of the Min Instance parameter, and the AutoScale feature initiates a scaleup action if the number of active VM instances is below the configured value.
• Polling interval: Frequency at which the conditions (a combination of counter, operator and threshold) are evaluated before taking a scale up or down action. The default polling interval is 30 seconds.
• Quiet Time: This is the cool-down period after an AutoScale action is initiated.
Runtime Considerations
• An administrator should not assign a VM to a load balancing rule which is configured for AutoScale.
You can delete or modify existing health check policies. To configure how often the health check is performed by default, use the global configuration setting healthcheck.update.interval (default value is 600 seconds).
• Load Balancing or Content Switching Virtual Servers: In Citrix NetScaler terminology, a load balancing or content switching virtual server represents one or many servers on the local network.
Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A configures a GSLB rule to load balance traffic across virtual server 1 at Zone-1 and virtual server 2 at Zone-2. The domain name is provided as A.
To configure GSLB in your cloud environment, as a cloud administrator you must first configure a standard load balancing setup for each zone. This enables load to be balanced across the different servers in each zone in the region.
3. In each zone that is participating in GSLB, add a GSLB-enabled NetScaler device. For more information, see Section 16.9.2.2, “Enabling GSLB in NetScaler”.
On the CloudPlatform side, perform the following as a domain administrator or user:
1.
3. In Zones, click View More.
4. Choose the zone you want to work with.
5. Click the Physical Network tab, then click the name of the physical network.
6. In the Network Service Providers node of the diagram, click Configure.
6. Specify the following:
• Name: Name for the GSLB rule.
• Description: (Optional) A short description of the GSLB rule that can be displayed to users.
• GSLB Domain Name: A preferred domain name for the service.
• Algorithm: (Optional) The algorithm to use to load balance the traffic across the zones.
7. Click assign more load balancing.
8. Select the load balancing rule you have created for the zone.
9. Click OK to confirm.
16.10. Using Multiple Guest Networks
In zones that use advanced networking, additional networks for guest traffic may be added at any time after the initial installation.
This feature is supported on XenServer, VMware, and KVM hypervisors.
16.10.2.1. Prerequisites
For adding or removing networks to work, ensure that vm-tools are running on the guest VMs on the VMware host.
16.10.2.2. Adding a Network
1.
2. In the left navigation, click Instances.
3. Choose the VM that you want to work with.
4. Click the NICs tab.
5. Locate the NIC you want to work with.
6. Click the Set default NIC button.
7. Click Yes to confirm.
16.14. Reserving Public IP Addresses and VLANs for Accounts
CloudPlatform provides the ability to reserve a set of public IP addresses and VLANs exclusively for an account. During zone creation, you can continue defining a set of VLANs and multiple public IP ranges.
• Domain: The domain associated with the account.
To create a new IP range and assign an account, perform the following:
a. Specify the following:
• Gateway
• Netmask
• VLAN
• Start IP
• End IP
• Account: Perform the following:
i.
• Domain: The domain associated with the account.
16.15. IP Reservation in Isolated Guest Networks
In isolated guest networks, a part of the guest IP address space can be reserved for non-CloudPlatform VMs or physical servers.
| Case | CIDR | Network CIDR | Reserved IP Range for Non-CloudPlatform VMs | Description |
| (continued) | | | | ... CIDR field in the UI. |
| 3 | 10.1.1.0/24 | None | None | Removing IP Reservation by the UpdateNetwork API with guestvmcidr=10.1.1.0/24 or enter 10. |
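A worked check for the reservation cases in the table above, written here as an added example (this is not CloudPlatform code): it takes the network CIDR and the guestvmcidr value passed to UpdateNetwork and returns the address range left for non-CloudPlatform machines. The active-IP conflict check is an assumption about how an operator would validate the change before applying it, not a documented API.

```python
"""IP reservation in an isolated guest network (Section 16.15), added example.

Given the network CIDR and the guestvmcidr passed to UpdateNetwork, work out
which addresses are left for non-CloudPlatform VMs or physical servers.
"""
import ipaddress


def reserved_ranges(network_cidr, guest_vm_cidr):
    """Return a list of (first, last) address strings reserved for non-CloudPlatform use.

    Modelled on the cases in the table above:
    - guestvmcidr must lie inside the network CIDR, otherwise the update is rejected;
    - guestvmcidr equal to the network CIDR removes the reservation (case 3), so
      an empty list is returned;
    - the network address and broadcast address are never part of the reserved
      range, so 10.1.1.0/24 with guestvmcidr=10.1.1.0/26 reserves 10.1.1.64-10.1.1.254.
    """
    net = ipaddress.ip_network(network_cidr, strict=True)
    guest = ipaddress.ip_network(guest_vm_cidr, strict=True)
    if not guest.subnet_of(net):
        raise ValueError(f"guestvmcidr {guest} is not inside the network CIDR {net}")
    if guest == net:
        return []  # case 3: no reservation

    usable_first = int(net.network_address) + 1
    usable_last = int(net.broadcast_address) - 1

    # The blocks of the network not covered by guestvmcidr, in address order.
    blocks = sorted(net.address_exclude(guest), key=lambda b: int(b.network_address))
    ranges = []
    for block in blocks:
        lo = max(int(block.network_address), usable_first)
        hi = min(int(block.broadcast_address), usable_last)
        if lo > hi:
            continue
        if ranges and ranges[-1][1] + 1 == lo:
            ranges[-1] = (ranges[-1][0], hi)  # merge contiguous blocks into one range
        else:
            ranges.append((lo, hi))
    return [(str(ipaddress.ip_address(lo)), str(ipaddress.ip_address(hi))) for lo, hi in ranges]


def conflicting_ips(guest_vm_cidr, active_ips):
    """Assumed pre-check (not a CloudPlatform API): CloudPlatform-managed VMs whose
    addresses would fall outside the new guestvmcidr, i.e. inside the reserved range."""
    guest = ipaddress.ip_network(guest_vm_cidr, strict=True)
    return [ip for ip in active_ips if ipaddress.ip_address(ip) not in guest]


if __name__ == "__main__":
    # Constructed sample values matching the table: a /24 network shrunk to a /26.
    print(reserved_ranges("10.1.1.0/24", "10.1.1.0/26"))   # [('10.1.1.64', '10.1.1.254')]
    print(reserved_ranges("10.1.1.0/24", "10.1.1.0/24"))   # [] (reservation removed)
    # Constructed active guest IPs; 10.1.1.70 would block the reservation.
    print(conflicting_ips("10.1.1.0/26", ["10.1.1.5", "10.1.1.70"]))
```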
supported on all the network configurations: Basic, Advanced, and VPC. Security Groups, Static NAT and Port Forwarding services are supported on these additional IPs. As always, you can specify an IP from the guest subnet; if not specified, an IP is automatically picked from the guest VM subnet.
passed, NAT is configured on the specified private IP of the VM. If not passed, NAT is configured on the primary IP of the VM.
10. Specify the following: All the fields are mandatory.
• Gateway: The gateway for the tier you create. Ensure that the gateway is within the Super CIDR range that you specified while creating the VPC, and does not overlap with the CIDR of any existing tier within the VPC.
services if a NetScaler device is deployed in your zone. Consider the following illustration for more details. In the illustration, a NetScaler appliance is the default entry or exit point for the CloudPlatform instances, and the firewall is the default entry or exit point for the rest of the data center.
Note
Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination IP address in packets from the public network, such as the Internet, is replaced with the private IP address of a VM in the private network.
The salient features of Portable IP are as follows:
• IP is statically allocated
• IP need not be associated with a network
• IP association is tran.
6. Specify whether you want a cross-zone IP or not.
7. Click Yes in the confirmation dialog.
Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding or static NAT rules.
5. Click the IP address you want to work with.
6. Click the Static NAT button. The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address.
2. In the left navigation, choose Network.
3. In Select view, choose Guest networks, then click the guest network you want.
a. Log in with admin privileges to the CloudPlatform UI.
b. In the left navigation bar, click Service Offerings.
c. In Select Offering, choose Network Offering.
d. Click Add Network Offering.
e. In the dialog, make the necessary choices, including the firewall provider.
• ICMP Type and ICMP Code. Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out the ICMP header. Refer to the ICMP documentation for more details if you are not sure what to enter.
7.
• Least connection
• Source IP
This is similar to port forwarding, but the destination may be multiple IP addresses.
16.23. DNS and DHCP
The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the DNS server configured on the Availability Zone.
• remote.access.vpn.psk.length – Length of the IPSec key.
• remote.access.vpn.user.limit – Maximum number of VPN users per account.
To enable VPN for a particular network:
1. Log in as a user or administrator to the CloudPlatform UI.
12. Enter the user name and password from step 1.
16.24.3. Using Remote Access VPN with Mac OS X
First, be sure you've configured the VPN settings in your CloudPlatform install. This section is only concerned with connecting via Mac OS X to your VPN.
Note
In addition to the specific Cisco and Juniper devices listed above, the expectation is that any Cisco or Juniper device running on the supported operating systems is able to establish VPN connections.
Provide the following information:
• Name: A unique name for the VPN customer gateway you create.
• Gateway: The IP address of the remote gateway.
• CIDR list: The guest CIDR list of the remote subnets.
Note
The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data that includes the preshared key.
Note
When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways must generate a new set of phase-1 keys.
The VPC page is displayed, where all the tiers you created are listed in a diagram.
5. Click the Settings icon.
All the VPCs that you created for the account are listed in the page.
4. Click the Configure button of the VPC to which you want to deploy the VMs.
The VPC page is displayed, where all the tiers you created are listed in a diagram.
• Gateway
• State
• IPSec Preshared Key
• IKE Policy
• ESP Policy
16.24.4.4. Restarting and Removing a VPN Connection
1. Log in to the CloudPlatform UI as an administrator or end user.
2. In the left navigation, choose Network.
9. To remove a VPN connection, click the Delete VPN connection button. To restart a VPN connection, click the Reset VPN connection button in the Details tab.
• Understanding Private VLANs
• Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment
• Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691)
16.25.2. Prerequisites
• Use a PVLAN supported switch.
9. Click Add guest network. The Add guest network window is displayed.
10. Specify the following:
• Name: The name of the network. This will be visible to the user.
• Description: A short description of the network that can be displayed to users.
This feature is supported on XenServer and VMware hypervisors. The major advantages are:
• The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs.
To set up a multi-tier Inter-VLAN deployment, see Section 16.27, “Configuring a Virtual Private Cloud”.
16.27. Configuring a Virtual Private Cloud
16.27.1. About Virtual Private Clouds
CloudPlatform Virtual Private Cloud is a private, isolated part of CloudPlatform.
• Private Gateway: All the traffic to and from a private network is routed to the VPC through the private gateway. For more information, see Section 16.27.5, “Adding a Private Gateway to a VPC”.
• VPN Gateway: The VPC side of a VPN connection.
• All network tiers inside the VPC should belong to the same account.
• When a VPC is created, a Source NAT IP is allocated to it by default. The Source NAT IP is released only when the VPC is removed.
Provide the following information:
• Name: A short name for the VPC that you are creating.
• Description: A brief description of the VPC.
• Zone: Choose the zone where you want the VPC to be available.
• Super CIDR for Guest Networks: Defines the CIDR range for all the tiers (guest networks) within a VPC.
Note
End users can see their own VPCs, while root and domain admins can see any VPC they are authorized to see.
4. Click the Configure button of the VPC for which you want to set up tiers.
5. Click Create network.
For more information, see Section 12.10.3, “Assigning VLANs to Isolated Networks”.
• Netmask: The netmask for the tier you create. For example, if the VPC CIDR is 10.0.0.0/16 and the network tier CIDR is 10.
• Virtual Machines
• CIDR
The following router information is displayed:
• Private Gateways
• Public IP Addresses
• Site-to-Site VPNs
• Network ACL Lists
5. Select Network ACL Lists. The following default rules are displayed in the Network ACLs page: default_allow, default_deny.
protocol is typically used to send error messages or network monitoring data. All supports all the traffic. The other option is Protocol Number.
• Start Port, End Port (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic.
16.27.5. Adding a Private Gateway to a VPC
A private gateway can be added by the root admin only. The VPC private network has a 1:1 relationship with the NIC of the physical network. You can configure multiple private gateways to a single VPC.
8. Specify the following:
• Physical Network: The physical network you have created in the zone.
• IP Address: The IP address associated with the VPC gateway.
• Gateway: The gateway through which the traffic is routed to and from the VPC.
gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in the VPC reach the enterprise network via the private gateway IP address by using the NAT service. The Source NAT service on a private gateway can be enabled while adding the private gateway.
16.27.5.4. Blacklisting Routes
CloudPlatform enables you to block a list of routes so that they are not assigned to any of the VPC private gateways. Specify the list of routes that you want to blacklist in the blacklisted.
For more information about how the templates came to be in this list, see Chapter 13, Working with Templates.
7. Ensure that the hardware you have allows starting the selected service offering.
8. Under Networks, select the networks for the VM you are launching.
The VPC page is displayed, where all the tiers you created are listed in a diagram. The following options are displayed.
• Static NAT
• Virtual Machines
• CIDR
The following router information is displayed:
• Private Gateways
• Public IP Addresses
• Site-to-Site VPNs
• Network ACL Lists
5. Select Public IP Addresses.
The following router information is displayed:
• Private Gateways
• Public IP Addresses
• Site-to-Site VPNs
• Network ACL Lists
5. In the Router node, select Public IP Addresses. The IP Addresses page is displayed.
2. Create a network offering, as given in Section 16.27.11.1.2, “Creating a Network Offering for Public LB”.
3. Create a VPC with NetScaler as the Public LB provider. For more information, see Section 16.
16.27.11.1.3. Creating a Public LB Rule
1. Log in to the CloudPlatform UI as an administrator or end user.
2. In the left navigation, choose Network.
3. In the Select view, select VPC. All the VPCs that you have created for the account are listed in the page.
• Source
• Stickiness. (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules.
• Add VMs: Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply.
16.27.11.2.2. Enabling Internal LB on a VPC Tier
1. Create a network offering, as given in Section 16.27.11.2.4, “Creating an Internal LB Rule”.
2. Create an internal load balancing rule and apply it, as given in Section 16.
• Name: Any desired name for the network offering.
• Description: A short description of the offering that can be displayed to users.
• Network Rate: Allowed data transfer rate in MB per second.
• Traffic Type: The type of network traffic that will be carried on the network.
• Name: A name for the load balancer rule.
• Description: A short description of the rule that can be displayed to users.
• Source IP Address: The source IP from which traffic originates. The IP is acquired from the CIDR of the particular tier on which you want to create the Internal LB rule.
The IP Addresses page is displayed.
6. Click the IP address for which you want to create the rule, then click the Configuration tab.
7. In the Port Forwarding node of the diagram, click View All.
8. Select the tier to which you want to apply the rule.
16.27.14. Editing, Restarting, and Removing a Virtual Private Cloud
Note
Ensure that all the tiers are removed before you remove a VPC.
1. Log in to the CloudPlatform UI as an administrator or end user.
• When you create a guest network, the network offering that you select defines the network persistence.
Chapter 17. Working with System Virtual Machines
CloudPlatform uses several types of system virtual machines to perform tasks in the cloud. In general, CloudPlatform manages these system VMs and creates, starts, and stops them as needed based on scale and immediate needs.
The VNC traffic never goes through the guest virtual IP, and there is no need to enable VNC within the guest. The console proxy VM periodically reports its active session count to the Management Server.
d. Convert your private key into PKCS#8 encrypted format.
openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encryped.key
e. Convert your PKCS#8 encrypted private key into the PKCS#8 format that is compliant with CloudPlatform.
openssl pkcs8 -in yourprivate.
17.4.2. Upgrading a Virtual Router with System Service Offerings
When CloudPlatform creates a virtual router, it uses default settings which are defined in a default system service offering. See Section 9.
Chapter 18. System Reliability and High Availability
18.1. HA for Management Server
The CloudPlatform Management Server should be deployed in a multi-node configuration such that it is not susceptible to individual server failures.
18.4. Primary Storage Outage and Data Loss
When a primary storage outage occurs, all hosts in that cluster are rebooted. This ensures that affected VMs running on the hypervisor are appropriately marked as stopped.
18.6.2. Limitations on API Throttling
The following limitations exist in the current implementation of this feature.
Note
Even with these limitations, CloudPlatform is still able to effectively use API throttling to avoid malicious attacks causing denial of service.
Chapter 19. 237 Managing the Cloud 19.1. Using Tags to Organize Resources in the Cloud A tag is a key-value pair that stores metadata about a resource in the cloud. Tags are useful for categorizing resources. For example, you can tag a user VM with a value that indicates the user's city of residence.
• listNetworkACLs
• listStaticRoutes
19.2. Setting Configuration Parameters
19.2.1. About Configuration Parameters
CloudPlatform provides a variety of settings that you can use to set limits, configure features, and enable or disable features in the cloud.
Field: host
Value: The IP address of the Management Server. If you are using multiple Management Servers, enter a load-balanced IP address that is reachable via the private network.
Field: default.page.
4. Click the name of the resource where you want to set a limit.
5. Click the Settings tab.
6. Use the search box to narrow down the list to the parameters you are interested in.
7. In the Actions column, click the Edit icon to modify a value.
... are sent that the available memory is below the threshold.
cluster: cluster.cpu.allocated.capacity.disablethreshold
The fraction, as a value between 0 and 1, of the cluster's CPU capacity that may be allocated to VMs before the allocators disable that cluster from further use.
... because the available storage capacity is below the threshold.
zone: storage.overprovisioning.factor
Used for the storage overprovisioning calculation; available storage will be the mathematical product of actualStorageSize and storage.
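The threshold and overprovisioning parameters interact, and the following added example (not CloudPlatform code) applies them the way the table describes: a cluster is disabled for allocation when any allocated fraction exceeds its disablethreshold, and the storage denominator is actualStorageSize multiplied by storage.overprovisioning.factor. The memory and storage disable-threshold names are assumed by analogy with the CPU one shown above, and the way the real allocators combine the checks is an assumption of this example. It also exposes the caveat a practitioner should check: because the storage threshold is applied to the overprovisioned total, the real disk can be more than fully committed while the cluster still passes.

```python
"""Allocator gate for one cluster, using the threshold semantics from the table above.

Added example, not CloudPlatform code. Parameter names other than
cluster.cpu.allocated.capacity.disablethreshold and storage.overprovisioning.factor
are assumed by analogy; how the real allocators combine them is an assumption.
"""
from dataclasses import dataclass


@dataclass
class ClusterCapacity:
    cpu_total: float          # CPU physically available (e.g. MHz)
    cpu_allocated: float      # CPU committed to VMs
    mem_total: float          # memory physically available (e.g. MB)
    mem_allocated: float      # memory committed to VMs
    storage_actual: float     # primary storage really present (actualStorageSize)
    storage_allocated: float  # storage committed to volumes


# Constructed settings for the example; thresholds between 0 and 1 are fractions.
SETTINGS = {
    "cluster.cpu.allocated.capacity.disablethreshold": 0.85,
    "cluster.memory.allocated.capacity.disablethreshold": 0.85,   # assumed name
    "cluster.storage.allocated.capacity.disablethreshold": 0.85,  # assumed name
    "storage.overprovisioning.factor": 2.0,
}


def usable_storage(actual, settings=SETTINGS):
    """available storage = actualStorageSize * storage.overprovisioning.factor"""
    return actual * settings["storage.overprovisioning.factor"]


def disable_reasons(c, settings=SETTINGS):
    """Reasons the allocators would disable this cluster; an empty list means usable."""
    checks = [
        ("cpu", c.cpu_allocated / c.cpu_total),
        ("memory", c.mem_allocated / c.mem_total),
        ("storage", c.storage_allocated / usable_storage(c.storage_actual, settings)),
    ]
    reasons = []
    for name, fraction in checks:
        threshold = settings[f"cluster.{name}.allocated.capacity.disablethreshold"]
        if fraction > threshold:
            reasons.append(f"{name}: allocated {fraction:.2f} exceeds threshold {threshold}")
    return reasons


def physical_storage_commit(c):
    """How much of the real disk is promised to volumes, ignoring overprovisioning.

    Because the threshold is applied to the overprovisioned total, this ratio can
    exceed 1.0 while disable_reasons() still reports the cluster as usable.
    """
    return c.storage_allocated / c.storage_actual


if __name__ == "__main__":
    # Constructed cluster: 1000 GB of real disk, 1500 GB promised to volumes.
    cluster = ClusterCapacity(10000, 8000, 65536, 40000, 1000, 1500)
    print("disable reasons:", disable_reasons(cluster))            # []
    print("physical commit:", physical_storage_commit(cluster))    # 1.5
```

With factor 2.0 and a 0.85 threshold, the allocators keep placing volumes until 1700 GB are promised against 1000 GB of real disk; keep the corresponding notification threshold below the disable threshold so the alert arrives first, and watch physical commit separately from the allocator's view.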
For a list of CloudPlatform alerts, see Appendix B, Alerts. For the most up-to-date list, call the listAlerts API.
Each SNMP trap contains the following information: message, podId, dataCenterId, clusterId, and generationTime.
19.4.
</appender>
The following example shows how to configure two syslog managers at IP addresses 10.1.1.1 and 10.1.1.2. Substitute your own IP addresses. You can set Facility to any syslog-defined value, such as LOCAL0 through LOCAL7.
• For all networks, if a network domain is specified as part of a network's own configuration, that value is used.
Chapter 20. CloudPlatform API
The CloudPlatform API is a low-level API that is used to implement the CloudPlatform web UIs. It is also a good basis for implementing other popular APIs such as EC2/S3 and emerging DMTF standards. Many CloudPlatform API calls are asynchronous.
• local-hostname. The hostname of the VM.
• public-ipv4. The first public IP of the router (for example, the first IP of eth2).
• public-hostname.
Chapter 21. Tuning
This section provides tips on how to improve the performance of your cloud.
21.1. Performance Monitoring
Host and guest performance monitoring is available to end users and administrators.
For more information about the buffer pool, see "The InnoDB Buffer Pool" in the MySQL Reference Manual.
21.4. Set and Monitor Total VM Limits per Host
The CloudPlatform.
Chapter 22. Troubleshooting
22.1. Events
An event is a significant change in the state of a virtual or physical resource associated with the cloud environment.
Configuration
As a CloudPlatform administrator, perform the following one-time configuration to enable the event notification framework. The behaviour cannot be changed at run time.
1. Open componentContext.xml.
• INFO. This event is generated when an operation has been performed successfully.
• WARN. This event is generated in the following circumstances:
  • When a network is disconnected while monitoring a template download.
  • When a template download is abandoned.
22.1.6.1. Permissions
Consider the following:
• The root admin can delete or archive one or multiple alerts or events.
• The domain admin or end user can delete or archive one or multiple events.
22.1.6.2. Procedure
1.
22.3. Log Collection Utility cloud-bugtool
CloudPlatform provides a command-line utility called cloud-bugtool that makes it easier to collect the logs and other diagnostic data required for troubleshooting. This is especially useful when working with Citrix Technical Support.
Cause
It is possible that a client from outside the intended pool has mounted the storage. When this occurs, the LVM is wiped and all data in the volume is lost.
Solution
When setting up LUN exports, restrict the range of IP addresses that are allowed access by specifying a subnet mask.
Cause
The CloudPlatform administrator UI was used to place the host in scheduled maintenance mode. This mode is separate from vCenter's maintenance mode.
Solution
Use vCenter to place the host in maintenance mode.
VMware Knowledge Base Article
22.9. Load balancer rules fail after changing network offering
Symptom
After changing the network offering on a network, load balancer rules stop working.
Appendix A. Event Types
VM.CREATE
VM.DESTROY
VM.START
VM.STOP
VM.REBOOT
VM.UPGRADE
TEMPLATE.EXTRACT
TEMPLATE.UPLOAD
TEMPLATE.CLEANUP
VOLUME.CREATE
VOLUME.DELETE
VOLUME.ATTACH
SG.REVOKE.INGRESS
HOST.RECONNECT
MAINT.CANCEL
MAINT.CANCEL.PS
MAINT.PREPARE
MAINT.
Appendix B. Alerts
The following is the list of alert type numbers. The current alerts can be found by calling the listAlerts API command.
MEMORY = 0 // Available memory below configured threshold
STORAGE_DELETE = 20 // Failed to delete storage pool
UPDATE_RESOURCE_COUNT = 21 // Failed to update the resource count
USAGE_SANITY_RESULT = 22 // Usage sanity check failed
DIRE.