Designing CloudStack CloudsGeoff Higginbottom

CTO ShapeBlue

geoff.higginbottom@shapeblue.com

Twitter: @CloudStackGuru

@shapeblue #ccceu14

Cloud Architect & ShapeBlue CTO

Specialise in…. Designing & Building Clouds based on Apache CloudStack / Citrix

CloudPlatform

Developing CloudStack training

Blogging and sharing CloudStack knowledge

Involved with CloudStack before donation to Apache

Designed Clouds for Cloudera, SunGard, Ascenty, BskyB, Trader Media, M5 Hosting, Team Cymru, Interoute, University of Pennsylvania and many many more…

CloudStack Committer

About Me

@shapeblue #ccceu14

“ShapeBlue are expert builders of public & private clouds. They are the leading global

Apache CloudStack integrator & consultancy”

About ShapeBlue

@shapeblue #ccceu14

WHY?

@shapeblue #ccceu14

Type of Cloud

Public

Enterprise

Test & Dev

@shapeblue #ccceu14

Requirements

Type

Scale

Workloads

Portal

Integration

Bursting

Preferred Technologies

Existing Skills

Managed Services

Security

Monitoring

Logging

SLAs

Storage Time Scales

User Experience

Templates

@shapeblue #ccceu14

Design Team

Marketing

Product Development

Billing

Networking

Storage

Compute

CloudStack ‘Expert’QA / Testing

Support

Decision Makers

@shapeblue #ccceu14

Design Team need to understand CloudStack, so train them first

Training

@shapeblue #ccceu14

Design Cycle

Design is a reiterative process, with some design decisions impacting on others

@shapeblue #ccceu14

Scale

@shapeblue #ccceu14

Workloads

Enterprise Workloads should be a known quantity

Public Cloud Workloads are unknown

@shapeblue #ccceu14

VM Profiles

Memory

CPU

Storage Capacity

Storage IOPS

Hypervisor Overhead

Storage Performance

Network Performance

Capacity Calculations

@shapeblue #ccceu14

Hypervisor Selection and Decisions in CloudStack by Tim Mackey http://open.citrix.com/cloud-computing-vids/video/latest/hypervisor-

selection-and-decisions-in-cloudstack-by-tim-mackey.html

Existing Skills

Feature Comparison Zone Type, Snapshots, VXLAN, IPv6, SDN, VPC, PVLAN, Storage

Licensing Costs

Supportability

Traditional Server vs Blades

More than one – Hypervisor Agnostic

Hypervisor Choice

@shapeblue #ccceu14

Heavily influenced by Requirements, Scale, and Zone modes

Is often the driver for other technology choices

Avoid single points of failure

Keep it simple

Networking

@shapeblue #ccceu14

‘One size sits fits all’ may not be the best approach

Each Zone can be a different Network Type

Basic

Basic + Security Groups

Basic + Security Groups + EIP / ELB

Advanced

Advanced + Security Groups

Zone Networking Modes

@shapeblue #ccceu14

How many NICs

10GB / 1GB

Bonding / Multipath

Converged

Traffic Allocations Management

Guest

Public

Storage

High Bandwidth Services

Hypervisor Networking

@shapeblue #ccceu14

Primary Storage Local

Lack of HA

Shared NFS

iSCSI

Fibre Channel

Performance is critical, IOPS are king

Storage

@shapeblue #ccceu14

Secondary Storage

NFS

S3

Swift

Storage

@shapeblue #ccceu14

Resource Allocation

All Public

Some Public, Some Dedicated

All Dedicated

Reseller Model

Account/Domain Relationship

1-to-1

1-to-many

Domains and Accounts

@shapeblue #ccceu14

Allocate resources to VMs

CPU

RAM

Storage Performance

Tagging

Cost associated with them

Public or Private (linked to Domains)

Keep them realistic

Service Offerings

@shapeblue #ccceu14

Pre-Defined VM images

Base OS, or fully installed Apps

Licensing (RHEL, Windows)

Self Build via ISOs

Allow user generated Public?

Allow user upload / download?

Lifecycle Management

Templates & ISOs

@shapeblue #ccceu14

Define test and acceptance criteria

Develop test plans (manual UI and scripted API)

Run tests to confirm initial build is good

Use tests for testing future upgrades and expansions

Testing

@shapeblue #ccceu14

Add on Services

Billing

Object Storage

VM Monitoring

Managed Services

Backup

Anti Virus

@shapeblue #ccceu14

Management Farm

CloudStack Management

SQL DB

LDAP

DNS

Load Balancers

Portal

Billing

Monitoring

3rd Party Services

Automation

Admin

vCenter

@shapeblue #ccceu14

CS

Man

agem

en

t Se

rver

s

CS

MyS

ql S

erv

ers

Net

Sca

ler

VP

Xs

CM

Au

tom

ati

on

Se

rver

De

plo

ymen

t Se

rve

r

Am

ysta

Ap

p S

erv

er

Am

ysta

MyS

QL

Serv

er

Management Hosts

Compute Hosts

Secondary Primary

DC1 Software Management Farm

Guest Networks (Multiple VLANs)

Public Networks (Multiple VLANs)

DC1 Compute

Management Network

Secondary Storage Network (NFS) Primary Storage Network (iSCSI or NFS)

Management VMs Storage Network

CS

Man

agem

en

t Se

rver

s

CS

MyS

ql S

erv

ers

Net

Sca

ler

VP

Xs

CM

Au

tom

ati

on

Se

rver

De

plo

ymen

t Se

rve

r

Am

ysta

Ap

p S

erv

er

Am

ysta

MyS

QL

Serv

er

Core Network

Management HostsManagement VMs

Storage Network

Compute HostsGuest Networks (Multiple VLANs)

Public Networks (Multiple VLANs)

Primary Secondary

Primary Storage Network (iSCSI or NFS) Secondary Storage Network (NFS)

Users Portal Access

WWW WWW

Tennant 1 Tennant 2 Tennant 3

WWW

Tennant 1 Tennant 2 Tennant 3

Private Cloud Tennant VMs on Compute in either DC1 or DC2Each Network is isolated via VLANs or SDN technologies.

Public Cloud Tennant VMs on Compute in either DC1 or DC2

Each Tennant has an Isolated Network protected by Virtual Router/Firewall.

Each Network is isolated via VLANs or SDN technologies.

Virtual Routers Public Networks are connected directly to the Internet enabling users to have full control of Firewall & Load Balancing features.

DC2 Compute

DC2 Software Management Farm

Virtual Routers

Guest Networks

Guest VMs

Public Network(s)

Management Network

Client access to Portal is Global Load Balanced by Citrix NetScaler VPXs running on Management Farm using One-Arm Configurations

Firewall functionality should be provided by

existing Firewalls running in HA Pair

Direct Access to Virtual Routers

1.0 15/08/13 1st release G Higginbottom / G SirettVer Date Description Issuer/ Reviewer

Example Logical Network Diagram Dual Zone

Ne

two

rkD

iagram

@shapeblue #ccceu14

Production Very Strict Configuration Management

Pre-Production

Same design as Production

Smaller, but with all key components

Strict Configuration Management

Testing

Probably gets rebuilt every few months

Just the one Cloud?

@shapeblue #ccceu14

“Build it and they will come” is the motto of a fool.

“Build it, take it to them, ask them to buy and serve them well”

is the motto of a successful person.© Larry Winget

@shapeblue #ccceu14

“Design for tomorrow,

build for today”

© Geoff Higginbottom 2013

Designing CloudStack CloudsGeoff Higginbottom

CTO ShapeBlue

geoff.higginbottom@shapeblue.com

Twitter: @CloudStackGuru