Transcript
Page 1: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

FUJITSU Cloud IaaS Trusted Public S5 Service Catalog

February, 2015

FUJITSU LIMITED NOTE: This presentation is only a summary and does not constitute a legal contract. Please see the terms and conditions of your services contracts for the controlling language.

Page 2: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

2 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Outline

Page 3: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

3 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Outline

Create virtual systems of variable scale depending on user’s requirements. Load balancer and firewall are available for the virtual system. Users can login as the administrator of the virtual machine OS and have no restriction to install

any type of software or develop applications.

FUJITSU Cloud IaaS Trusted Public S5 (here after called "Trusted Public S5”)

creates and provides a private virtual system environment for users within the large scale resources of Fujitsu data center (DC) by using virtualization technology.

Resource pool

Virtual system

Private virtual system is allocated from resource pool.

FUJITSU DC

Users

Page 4: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

4 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

5 Features

Speedy

Just select the system configuration that best meets your purpose of use from the System Template Library.

Provides an environment that is already protected against threats coming from the Internet. (DMZ, Firewall)

Self-service

Easily create and customize servers/storages from the Service Portal.

It is also possible to monitor operation status, start/stop virtual machines (VMs) and back-up/restore, all from the Service Portal.

Scalable

Create, delete, increase or decrease servers/storages on the spot, whenever needed.

Hourly-based charge system for efficient usage.

Data protection by redundancy, performance assurance of VM resources (CPU/Memory), and VPN connection.

Secure

Standardization Joined the leadership board of the DMTF Open Cloud Standards

Incubator, and endeavors for Cloud standardization.

Page 5: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

5 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Speedy

Simplify infrastructure creation by using system templates. Provides a variety of templates which can set VMs separated on

multiple segments. Easy to add extra VMs to the template.

Additional resources

1. Select

3. Deploy

Windows Server

CentOS Server

Virtual System

2. Customize

System Template Library

System templates

WEB Server

WEB Server

DB Server

CentOS Server

DM

Z

Secu

re

VMs

User Private Environment

Page 6: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

6 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Scalable

It is possible to increase/decrease the number of load-balanced VMs, corresponding to online-business peak hours.

Can be used as temporary development/test environment.

Start with small scale. Add more disks to meet data volume,

whenever necessary. Easily increase or decrease disk

capacity.

Start with minimal initial investment.

Scale up VM performance, corresponding to business growth.

* Additional costs for OS and Software licensing, typically per month billing

Start using VMs within one hour after system deployment. Pay as you go. (*) Flexibly scale out/up at any time.

User Business peak hour

Normal hour

Increase Decrease

Business scale expansion

Initial Operation Performance reinforcement

Initial Operation Data reinforcement

Normal hour

Setting

Setting

User

User

Setting Increase Increase

Page 7: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

7 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

DesignStudio

Self-service

Select and customize system templates. Resource setup: Deploy or delete VMs Add/remove or attach/detach additional disks

Systems operations can be executed from a web browser.

Select a template and easily deploy a system with "DesignStudio".

Operate or check the system status with "System Manager".

System Manager

Operate VMs (start/stop/restart/backup/restore). Specify Firewall/Load Balancer. Update firmware. Verify VM status (“Running”, “Stopped”, “Deploying”…) Notice about trouble occurrence (information about

fail-over, etc.). Create VM images and system templates. Performance monitor (CPU, disk, network, etc.).

Page 8: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

8 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Complete redundancy of components, equipment and networks.

Server

Redundant underfloor LAN wiring-network

Stocks of spare components for maintenance

Storage

Secure

High-availability by system redundancy and fail-over feature. Performance assurance of VM resources (CPU/Memory). Secure connection with VMs by SSL-VPN connection.

Secure access to VMs by SSL-VPN connection

Automatic fail-over in case of hardware malfunction

SSL-VPN

Redundant network devices (switch, router)

Redundant disk

Mirroring between cabinets

Redundant storage

VM Redundant power supply

SSL-VPN

VM

VM

Page 9: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

9 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Approach in DMTF

Standardization

Joined leadership board of the DMTF Open Cloud Standards and is engaged with Cloud standardization

Fujitsu Submit Cloud API specification to DMTF

Fujitsu Cloud API

DMTF (Distributed Management Task Force): International standardization group about operation management and virtualization technology

Fujitsu have been elected as a promotional leader. DMTF Star Award

Jacques Durand, who works for Fujitsu America Inc., was recognized for his continuous contributions to Cloud standardization and was awarded the “DMTF Star Award”.

We provide the Fujitsu Cloud API for programmatically controlling virtual systems.

Users can operate virtual machines automatically (start, stop, backup, etc.).

FUJITSU Cloud IaaS Trusted Public S5

user Software API calls can be scripted to automate regular tasks such as: EX) - Stop virtual machines - Backup data - Reboot virtual machines

Cloud API

WEB Server

WEB Server

DB Server

CentOS Server

DM

Z

Secu

re

Virtual System

Page 10: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

10 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Usage Flow

1. Select a template at the Service Portal. 2. Deploy the selected template as a virtual system. 3. Connect via SSL-VPN, log-in to VMs and build applications. 4. Set the firewall, then make services available via Internet/private network.

Virtual system

user

System Template Library

Deployed system can obtain the Internet connection, VPN, and the Intranet connection easily.

Firewall/NAT (Network Address Translation)

1. Select template

2. Deployment

3. Connect via SSL-VPN, log-in to VM.

4. Set the firewall, then connect to the Internet or Intranet

Access via the Internet

Patches of System template are updated regularly.

Single Web

Server

Web Server x3 + AP/DB Server x1 + Interior FW/LB + Additional disk

Web Server x3 + AP Server x2 + DB Server x1 + etc..

Internet/Intranet

Service Portal

Page 11: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

11 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Details

Page 12: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

12 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Menu Outline

Category Menu Description

Network

Virtual Subnet Provides private IP address. This enables communication between VMs inside the system template.

Firewall Provides Firewall for controlling the communication with the Internet and between virtual subnets. Features such as session log display, rules import/export, setup for DNAT/SNAPT and Static NAT are also provided.

Load Balancer Network traffic to a private IP address are dispersed among multiple registered VMs. It also provides a packet capture log feature.

NAT (Network Address Translation) Provides NAT function for global IP address communication.

Update Servers Provides access to WSUS server for Windows update, yum repository server for CentOS update, and RHUI server for RHEL update. (*1)

Monitor

Hardware monitoring Monitors hardware looking for malfunctions. If a malfunction is detected, it automatically restarts VMs at a different server and notifies users by e-mail.

VM Health Checking Monitors the running status of the VM.

Service Portal

Design Studio Select the system template, deploy and change the settings.

System Manager Operate and confirm the status of the system.

Server Console Verify and solve troubles, such as OS startup latency due to fsck, using a web-based console.

*1 : In order to use the update server, it is necessary for the virtual system to have access to the internet.

Page 13: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

13 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Network Layer Types

Subnet Firewall-controllable traffic Conceptual diagram

1 Tier • Internet <----> DMZ

2 Tier • Internet <---> DMZ

• DMZ <---> Secure 1

3 Tier

• Internet<--->DMZ

• DMZ<--->Secure 1

• DMZ<--->Secure 2

• Secure 1<--->Secure 2

Firewall is provided by default.

One firewall can control the traffic between the Internet and also between Intranets.

DMZ

DMZ

Secure 1

Secure 2

DMZ

Secure 1

Page 14: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

14 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Monitoring

Types Description

Hardware Monitoring

Virtual Machine Monitoring

Virtual Machines are automatically rebooted when transferred.

Notification e-mails are sent to users when the transfer starts and when it finishes.

Transfer the VMs to an operational physical server

Monitor the physical servers for malfunctions. If a physical server goes down because of a failure, the VMs running on that server are transferred to another operational server.

Transfer the VMs to an operational physical server

If any trouble occurs on the Virtual Machine due to an abnormality on the hypervisor or the physical server, VMs running on that hypervisor or physical server are transferred to a normally operating physical server.

VM

Hypervisor

VM VM

OS OS OS

Physical Server

VM

Hypervisor

VM VM

OS OS OS

Physical Server Failure

Abnormality

Page 15: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

15 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VM Type (1)

Type CPU Performance index *1 Number of virtual CPU *2 Memory (GB)

Economy 1 1 1.7

Standard 2 1 3.4

Advanced 4 1 7.5

High-performance 8 2 15

Double-High15 (*3) 16 4 15

Double-High (*3) 16 4 30

Quad-High30 (*3) (*4) 32 8 30

Quad-High (*3) (*4) 32 8 60

*1: Appropriately Xeon 1.0GHz (in 2007) per CPU Performance index 1. *2: Number of virtual CPUs could be varied in future requirements. Since CPU resource is statically assigned to each VM, VM usage does not affect other VM’s performance. *3: This VM type cannot be applied with “Red Hat Enterprise Linux 5.x(32bit)”, “Red Hat Enterprise Linux 6.x(32bit)”, “CentOS 5.x(32bit)” and “CentOS 6.x(32bit)” due to non-assurance of sufficient memory. *4: This VM type is available for Japan, Europe-Germany and Europe-UK.

Disk Capacity of

CentOS / Ubuntu Capacity of

Windows Server 2003 / RHEL Capacity of

Windows Server 2008 / 2012

System Disk 10 GB 40 GB 180 GB

OS is installed in the system disk. The space requirement varies by OS. (The capacity above is the total, including the OS.) System disk will be deleted when VM is deleted. For saving data, use the additional disk service provided.

Page 16: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

16 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VM Type (2)

Installed OS Version

Windows Windows Server (*1)

Windows Server 2008 R2 SP1 SE 64bit English Processor License Windows Server 2008 R2 SP1 EE 64bit English Processor License Windows Server 2012 SE 64bit English Processor License Windows Server 2012 R2 SE 64bit English Processor License

Linux

Red Hat Enterprise Linux

Red Hat Enterprise Linux 5.7 32/64bit (English) Red Hat Enterprise Linux 5.8 32/64bit (English) Red Hat Enterprise Linux 5.9 32/64bit (English) Red Hat Enterprise Linux 6.3 32/64bit (English) Red Hat Enterprise Linux 6.4 32/64bit (English)

CentOS

CentOS 5.6 32/64bit (English) CentOS 5.9 32/64bit (English) CentOS 6.2 32/64bit (English) CentOS 6.4 32/64bit (English)

Ubuntu Ubuntu Server 14 LTS 64bit (English)

OS is provided as pre-installed in the VM. (*1) Microsoft software is provided with SPLA license. Note that there may be usage restrictions on the license contract of the Microsoft products of this service.

Page 17: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

17 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

System Template Service

Service Menu Description

System Template Service

• Provides templates to create multi-layer subnet systems with only a few clicks. • OS and middleware are included and basic network settings are configured by

default. • Access to the system from the Internet requires firewall settings. • Communication between VMs of different layers also goes through the firewall.

Example of a 3 Tier system template. • Users can deploy a 3 Tier system as the diagram below. • Users can select from a wide variety of system templates.

Templates OS/software

Web/DB CentOS [5.4/32bit/2-tier] CentOS5.6 32bit

Web/DB Windows [2003 SE/SP2/2-tier] Windows2003 R2 SE 32bit SQL Server 2008 SE

Web/DB Windows [2008 R2 SE/2-tier] Windows Server 2008 R2 SE 64bit SQL Server 2008 SE

Examples of templates

WEB WEB WEB

AP AP

DB

DMZ

Secure 1

Secure 2

Page 18: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

18 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Middleware Service

Service Menu Description

Middleware Service Microsoft SQL Server 2008 R2 SE Microsoft SQL Server 2012 SE Microsoft SQL Server 2014 SE

Provides system templates with middleware included. VMs are also provided with pre-installed middleware.

Page 19: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

19 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Network Service (1)

Service Menu Description

Internet Connection Feature

Provides Internet connection environment for VMs. Also provides the environment for SSL-VPN connection via Internet to the Trusted Public S5’s virtual system.(*1)

IPsec VPN Service All virtual Systems on S5 can easily establish IPsec VPN connection with other environments via virtual VPN gateway. Mobile internet VPN and Hub & Spoke functionalities are also provided.

IPsec VPN Service All virtual systems on S5 contract can establish IPsec VPN connection with other environments via virtual VPN gateway. VPN environment can be easily set up.

DC Internal Connection Service

Provides Fujitsu DC internal connection for users, connecting systems that are operating inside the DC with Trusted Public S5 systems.

Global IP Address Service Provides up to 10 global IP addresses to access from the Internet.

Multiple NIC Service Allows the allocation of up to 7 additional NICs per virtual machine (including the default NIC, a maximum of 8 NICs can be installed)

*1 : Internet / Intranet connection settings can be changed after deployment.

Page 20: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

20 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Network Service (2)

Service Menu Description

Firewall Service

Controls the network traffic between virtual systems, or between the external network and the virtual system. The firewall can be cloned for redundancy. Throughput performance is as follows. (*1)

Normal 8 to 183 Mbps

Turbo 75 to 350 Mbps

Load-balancing Service

Provides internal/external load-balancing system. Features for maintaining a session (including SSL), and for displaying an "Error page" are also available. The load-balancer can be cloned for redundancy. Efficiency of SSL is as follows. (*1)

Normal Max. 30TPS [1024bit key length] Max. 10TPS [2048bit key length]

Turbo Max. 2000TPS [1024bit key length] Max. 700TPS [2048bit key length]

*1 : These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.

Page 21: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

21 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Internet Connection Feature

No need for users to prepare their own internet connection line. Translate global IP address into private IP address via firewall configuration.

Provides the environment for connecting VMs to the Internet. Connect to the internet by simply configuring the firewall. Provides SSL-VPN connection to VMs.

User (operator)

Global IP address

Address Translation

Feature overview

Virtual system

Configure firewall using Service Portal.

Quickly set up an Internet connection

Service Portal

G1

G2

G3

Private IP address

P1

P2 P3

Page 22: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

22 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Virtual Platform Environment Virtual Platform Environment

Virtual Platform Environment

IPsec VPN Service(1)

IPsec VPN connections between S5 virtual systems and other environments are established through an IPsec VPN gateway server.

Easily set up a VPN environment.

IPsec connection between on-premise environment and Trusted Public S5

IPsec connection between Trusted Public S5 regions

Trusted Public S5

Trusted Public S5

VPN Gateway

Trusted Public S5

VPN Gateway

Note: On the user’s on-premise environment side, the user needs to set up a VPN gateway.

Region-A Region-B

IPsec VPN

IPsec VPN

On-premise environment

VPN Gateway

VPN Gateway

Note: In this case, user does not need to set up a VPN gateway.

Page 23: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

23 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

IPsecVPN Gateway Settings Setting Item Value Complement

ID IPsecVPN gateway unique ID Up to 10 opposite gateways can be set

Destination Gateway Global IP Address

Global IP address of the opposite IPsecVPN gateway

Authentication Key (PSK) Any alphanumeric characters Should be the same as the opposite IPsecVPN gateway and client device

Ping Monitoring Destination Private IP address of the opposite IPsecVPN gateway

After established the IPsecVPN tunnel, it monitors the opposite IPsecVPN gateway by Ping.

Encryption Suite Cipher Suite A/Cipher Suite B

・Should be the same as the opposite IPsecVPN gateway ・Do not set when using Mobile Internet VPN <Reference for setting> Encryption strength: Cipher Suite A < Cipher Suite B Encryption process efficiency: Cipher Suite A > Cipher Suite B

Hub & Spoke On / Off

Mobile Internet VPN (L2TP/IPsecVPN)

On / Off

When “On”, user needs to set the following items: -User ID -Password -Target virtual system for VPN access -Timeout

The transmission speed was measured between Japan East and West regions using a 64KB packet.

・Result: 35.5Mbps - 291.0Mbps *Depends on the network (Internet) conditions.

IPsecVPN Gateway Performance

IPsec VPN Service(2)

Page 24: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

24 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

IPsec VPN Service(3)

Specification IPsec VPN connection is possible only with the global IP addresses that were set at the VPN gateway.

Usage fee of Internet and IP address are not charged for IPsec VPN.

The below listed VPN gateway devices have been confirmed to be operable. •Cisco 892J(IOS:12.4 or later) •Cisco 1812J(IOS:12.4 or later) •Cisco ISR 2811(IOS:12.4 or later) •Cisco ISR 3811(IOS:12.4 or later) •IPCOM EX2300 IN(E20L21 or later) •Si-R220C(V35 or later) •Si-R G200(V1 or later) •Si-R220C(up to V34) *1 •Si-R220B *1 •Si-R80Brin *1

*1: Note that for these devices, when a NAT device is configured between VPN gateways, IPsec VPN connection will NOT work.

Each virtual IPsec VPN gateway can connect simultaneously to a maximum of 10 opposite gateways or 2,000 client terminals.

Page 25: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

25 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

IPsec VPN Service(4) – Mobile Internet VPN

Client devices Target VSYS can

be specified

User’s Contract Organization

Trusted Public S5

IP Address: 64.1.1.10

IP Address: 64.1.1.11

IP Address: 64.1.1.12

⇒ Private IP address for L2TP

192.168.1.1

⇒ Private IP address for L2TP

192.168.2.1

⇒ Private IP address for L2TP

192.168.3.1

User ID

Password

PSK

Settings Example (iPhone) ・No application is needed.

Easily connect by using the device’s

default VPN settings.

・In order to use L2TP,

each device gets a private IP address

from Trusted Public S5.

・Authentication method can be selected

from the client side(MS-CHAP-V2, CHAP, PAP)

IPsecVPN connection is possible with Windows, iOS, Mac OS and Android devices No need to install applications on the client device. Just setup the default VPN settings of the

OS (User information, destination address, etc.)

Usage image for Mobile Internet VPN

IPsecVPN GW

Virtual System A

Virtual System B

Virtual System C

Page 26: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

26 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Client OS Version Support

Windows

Vista(32bit/64bit) Yes

(SP1, SP2)

7(32bit/64bit) Yes

(Up to SP1)

8(32bit/64bit) Yes

8.1 Yes

iOS 5.x/6.x/7.x Yes

Android 2.x/3.x/4.x Yes

Mac OS X 10.7/10.8/10.9 Yes

Supported OS for Client Device

(*1) Windows Server and Linux are not supported (*2) Using EAP (extendible authentication protocol) certificate for user authentication is not supported. (*3) Using certificates for connection authentication is not supported. (*4) The user ID and password of the client device must be set at the TPS5 IPsecVPN gateway beforehand.

Use Case Examples ・Connecting to TPS5 systems securely from the user’s office without a VPN gateway. ・Connecting to TPS5 systems securely with mobile devices outside of the office. ・Service provider can offer mobile solution services on TPS5

IPsec VPN Service(5) – Mobile Internet VPN

Page 27: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

27 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Client Terminal

Virtual System A

L2TP/IPsecVPN 192.168.3.0/24

192.168.4.0/24

192.168.5.0/24

User’s Contract Organization

Virtual System B

Virtual System C

Trusted Public S5 IP Address: 64.1.3.11

⇒Private IP address for L2TP connection 192.168.3.1

Network Address: 64.1.1.0/24

IPsecVPN GW

Network Address: 64.1.3.0/24

IPsecVPN GW

VPN connection between on-premise terminals are possible via TPS5

IPsec VPN Service(6) – Hub & Spoke

・Easily creating a network between user’s branch offices via the Internet. ・Connecting to user’s office securely from mobile devices. ・Easily configuring a hybrid cloud environment between the user’s TPS5 system and on-premise environments.

Through the IPsecVPN gateway, it is possible to connect a client terminal with

another terminal or mobile device by VPN

Use Case Examples

Hub & Spoke Usage Image

IPsecVPN GW

Page 28: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

28 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

DC Internal Connection Service

Hybrid infrastructures can be created by establishing connection between S5 virtual systems and users’ systems that are hosted inside Fujitsu DC.

Image of DC internal connection service

User system inside Fujitsu DC

Virtual System

Fujitsu DC internal network

Page 29: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

29 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Firewall Service

(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.

Item Firewall

(Primary) Firewall

(Secondary) Notes

Throughput Performance (*1)

Normal 8~183Mbps

Turbo 75~350Mbps

Start/Stop Operation ON/OFF ON/OFF Independent start/stop possible

Fea

ture

NAT Settings DNAT / SNAPT, Static NAT

Settings Unavailable (Automatically Updated)

Firewall Settings Rules Settings

DNS Settings

One of following : • Do not use • Standard DNS • Custom DNS Settings

Log Display Latest 1000 items can be viewed/ exported

Latest 1000 items can be viewed/ exported

Primary/Secondary log can be viewed/exported separately

Configuration Management

Firewall Settings’ Backup/ Restore Settings Unavailable

(Automatically Updated)

VPN Environment Settings

Static Route Settings

Manage communications between virtual systems or between the virtual system and the outside network

DNAT/SNAPT/Static NAT setup available Import/Export many firewall rules at the same time Up to 800 firewall rules can be set

Page 30: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

30 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Firewall Redundancy Service

【Important Notice】 1. Firewall redundancy cannot be set up

when creating a new system. After deploying a firewall, change the setup to make it redundant. Additionally, the firewall (primary) must be active when doing so.

2. Equally, the primary firewall must be running in order to end redundancy.

3. The firewall needs to be restarted in order to start/end redundancy.

Automated switchover to secondary firewall within 10-20 second following failure of primary.

Updating or changing type (e.g. normal to turbo) only takes a few seconds offline. Switching between primary and secondary can also controlled via the API. Primary firewall settings such as global IP address and private IP address can be

automatically shared with the secondary firewall.

Firewall Redundancy Service Features

(1) Auto-switch on incidents

(2) Manual switch available

Primary Secondary

Primary ON/OFF

Secondary ON/OFF

WEB WEB

AP

BP

DMZ

SECURE 1

WEB

SECURE 2

Page 31: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

31 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Continuous Service

Maintain Session

Monitoring and Automatic re-routing Following Failure

Load Balance Service (1)

Rule Based Load Balancing

Provides load-balancing across VMs. Features: maintain session, monitor for failure, continuous service. New “High-performance Turbo Load Balancer” which is more efficient than the previous load

balancer.

Monitor server’s health.

Disconnect from load balancer when a malfunction Is detected.

Disconnect from load balancer manually for maintenance.

Reconnect to load Balancer after finishing maintenance.

Disperse requests according to balancing rules Without session

preservation

With session preservation

error Maintenance Online

Requests may be dispersed to different servers, causing the replies to be inconsistent.

Requests from the same user will be sent to the same server so that inconsistency does not occur.

Page 32: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

32 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Load Balance Service (2)

(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.

Item Load Balancer

(Primary) Load Balancer (Secondary)

Notes

SSL TPS performance (*1)

Normal Max 30TPS [1024bit key length] Max 10TPS [2048bit key length]

Turbo Max 2000TPS [1024bit key length] Max 700TPS [2048bit key length]

Start/Stop Operation ON/OFF ON/OFF Independent start/stop is possible

Fea

ture

SLB Settings Web accelerator settings, add group, Sorry page settings, certificate registration

Settings Unavailable (Automatically Updated)

Load Balance Situation

Display/Clear statistics , transfer to maintenance mode

Inspection Available

Error Situation Display/Clear statistics

Certificate Management

Server certificate/Intermediary certificate registration/delete

Settings Unavailable (Automatically Updated)

Configuration. Management

Settings backup/restore Settings Unavailable (Automatically Updated)

Packet Capture Log Log output Output download/delete

Settings Unavailable (Automatically Updated)

Page 33: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

33 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Load Balancer Redundancy Service

【Important Notice】 1. Load balancer redundancy cannot be set up when

creating a new system. After deploying a load balancer, change it's setup to make it redundant. Additionally, the load balancer (primary) must be active when doing so.

2. Equally, the primary load balancer must be running in order to end redundancy.

3. The load balancer needs to be restarted in order to start/end redundancy.

4. VMs and load balancers are included in the system deployment limit of 20 machines.

Automated switchover to secondary load balancer within 10-20 second following failure of primary.

Updating only takes a few seconds offline Switching between primary and secondary can be controlled via the API or My Portal. Primary load balancer settings such as global IP address and private IP address can be

automatically shared with the secondary load balancer.

Load Balancer Redundancy Service Features

(1) Auto-switch on incidents

(2) Manual switch available

WEB WEB WEB

Secondary

Before Incident:

After Incident:

Primary ON/OFF

Secondary ON/OFF

Primary

WEB WEB WEB

AP DB

DMZ

DMZ

SECURE1

Page 34: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

34 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Multiple NICs Service (1)

* NIC (Network Interface Card) is an extension card to connect to the LAN (Local Area Network)

Allows the allocation of up to 7 additional NICs per virtual machine (Including the default NIC, a maximum of 8 NICs can be installed)

VMs can be connected to different network segments by adding NICs. Flexible and efficient network topologies can be implemented utilizing

multiple NICs.

Example of Multiple NICs Service Usage Business Purpose Transmission :

Monitoring Purpose Transmission :

WEB1 WEB2

DB

Monitoring Server

DMZ

SECURE 1

SECURE 2

Page 35: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

35 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Multiple NICs Service (2)

Multiple NICs can only be added when creating a new virtual machine. It is not possible to add NICs to a virtual machine that is already deployed.

When connecting a Secure segment and a DMZ segment, please ensure that appropriate firewall rules are implemented, ideally with “point to point” specific rules.

[Security Guidance] Always configure the firewall to permit authorized, ideally point-to-point traffic flow between segments and VM’s. This is especially important when configuring external connectivity to/from the internet.

1. It is not recommended to set NAT to the Virtual Machine and enable connection from the Internet. 2. It is not recommended to set routing configuration on the Virtual machine between DMZ and Secure segment.

Important Notice

Security Notification of Multiple NICs Precaution 1:

Precaution 2:

WEB

DB

DMZ

SECURE1

Routing

NAT

Page 36: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

36 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Storage Service (1)

Service Menu Description

Additional Disk Service

10GB to 10TB capacity per additional disk (data is encrypted when written on a physical disk). It is possible to add more disks or switch connection to different VM’s when needed.

Scale out / Switch connection to another VM.

Although disk size can be increased up to a maximum of 10TB per additional disk, please note the following restrictions: • Red Hat Enterprise Linux 5.x 32bit/64bit: support up to 8TB • Red Hat Enterprise Linux 6.x 32bit/64bit: support up to 10TB

Attach/detach

Re-attach to another VM

Add a disk when needed

Additional Disk Service

. . .

Example: Re-attach the disk to a higher performance server to easily transfer data.

Disk stand-by area Reserved area for disconnected disks.

DMZ

SECURE 1

SECURE 2

Restrictions

Page 37: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

37 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Storage Service (2)

Service Menu Description

System Backup Storage Service Provides a disk for system or data backup. (*1)

Backup VM system or additional disk by copying the entire disk. (*2) This service is available when you execute the backup operation from the Service Portal. It is possible to generate multiple generation backup files. (*3) Data Backup

Storage Service

System Snapshot Storage Service

Provides a disk for system or additional disk snapshot. Take snapshot without stopping the VM. Restoring time is reduced compared to Backup Service.(*4)

Data Snapshot Storage Service

*1 : : To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.

*2 : Backup files can only be restored to original volume.

Backup files are deleted automatically when original volume is deleted.

*3 : A new backup disk is created for each backup operation. Backup managing (e.g. deleting) should be done by the user.

*4 : To restore a snapshot, the VM needs to be stopped.

When the restore operation is completed, the snapshot data is deleted.

Page 38: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

38 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Storage Service (3)

Service Menu Description

Virtual Machine Image Storage Service

Provides storage disk for saving user-created VM images and system templates. It is possible to extract a deployed VM or system image and create an user customized template. *1 Service charging starts from the time that the user executes "create image" at the Service Portal. Images and templates can be used for scaling-out or for cloning a virtual system.

Create Template *2 It is possible to create a system image from a deployed virtual system and use it to clone that virtual system.

Create Image *2 It is possible to create a VM master image from a deployed virtual machine and use it to clone that VM.

*1: The master image remains even if the VM is deleted.

*2: To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.

Virtual Machine Image Storage

Create System Template

Create new virtual system

Create VM master image

Scale out

Page 39: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

39 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Software Support Change (1)

No. Change pattern Applied charge for the month

Restriction after changing

1 Support not included to Support included

The higher support charge is applied(*2)

User cannot change the software support to “Support not included” for 180 days.

2 Support included (Weekday 8:30-19:30)

to Support included (24 hours 365 days) None

3 Support included (24 hours 365 days)

to Support included (Weekday 8:30-19:30)

None

4 Support included to Support not included None

*1: - This function is only available for virtual machines that have multiple software support options. Please refer to the “OS

Environment Usage Charges” section of the “Service Charges” menu available on the Portal. *2: - If the VM is never started after user changed to higher support level until the end of that billing month, the cheaper support

charge is applied. If it is stopped during the whole billing month, there is no charge for the OS and middleware software, including the support.

It is possible to disable or enable the Software Support without rebuilding the virtual machine(*1) .

When the software support is changed, the more expensive plan will be charged for that month’s billing.

Page 40: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

40 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Software Support Change (2)

When creating a new VM with “Support included” or when changing from “Support not included” to “Support included”, it is not possible to change to “Support not included” for 180 days, including the day of application.

After creating a new VM with support or adding support to an existing VM, a maximum of 5

business days are required before support is available.

Restrictions and Important Notes

Time

Support level

Support not included

24 hours 365 days support

Weekday 8:00-19:00

Support not included

Weekday 8:00-19:00

“Support not included” is unavailable for 180 days

Change

Change

Change Change

[Possible to change] Support included (24 hours 365 days) to Weekday 8:00-19:00 support

[Possible to change] From “Support not included” to “Support included”

Page 41: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

41 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

User Community Outline

https://cloudcommunity.global.fujitsu.com/en/

Open to the public and accessible via the internet Provides development tools for TPS5 API FAQ, documentation and forums enable users to resolve many issues and queries –

and to share their own tips and workarounds

Page 42: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

42 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Portal

Page 43: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

43 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Portal Outline

Service Portal Top Page

Menu List

Login

New Account

Notices / Maintenance Info

Cloud Resource Management Secure, authenticated client access Available functionality (after login):

• Easy system design via Design Studio • Service Dashboard to monitor system status • Administrative functions (ID/certificate management)

Page 44: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

44 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

After Login (My Portal)

Screen after login

Menu List

Minimized Windows

Start-up Window

Notice Window

Easy to use, intuitive User Interface

Page 45: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

45 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Design Studio

System template selection. VM addition, removal, spec change. Addition, removal and

reconfiguration of firewalls, etc. Addition, configuration and removal

of optional services.

VM addition, removal and spec change.

Addition, removal and reconfiguration of firewalls, etc.

Addition, configuration and removal of optional services.

System Initial Deployment Configuration of Running Systems

Create, amend and delete Virtual System, Virtual Machine, Firewall configurations

Easy to use graphical UI Cumulative Monthly Cost is calculated as resources are added or removed

• Useful as a “sandbox” for developing architectures and assessing associated costs – before committing to deployment

Page 46: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

46 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Building a New System - Flow

Deployment process Confirm and start system deployment.

Step1

•Search for & Select the Virtual system template – 1, 2 or 3-Tier

Step2

•Name the virtual system template •Select connection type (Internet/private network)

Step3

•Create/delete/modify VMs •Add/remove/modify optional services

Step4

•Confirm estimation •Save the estimation

Step5

•Gain approval for deployment •Accept the service agreement

Page 47: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

47 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Building a New System (Step 1 & 2)

Virtual system Template Search & Selection

Refine by keyword and approximate cost

Network Connectivity Selection

Step 2: Specify network environment

Step 1: Virtual System Template Selection

Template Search

Template List

Template Details

System Name Input

Network Type Selection

Page 48: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

48 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Building a New System (Step 3 & 4)

Drag & drop inside the system outline diagram to add a new appliance.

Change the VM spec or copy/delete a VM deletion are possible.

System Build/Customize

Estimate Confirmation

The estimate generated is based on a maximum monthly uptime of 744 hours. The estimate can be saved for approvals and, once approved, used to reconfigure or deploy the system.

Step 3: Architect the virtual system design

System Outline Diagram

Virtual System Details

Available Appliance List (VM, storage, etc.)

Step 4: Confirm estimate

Estimation Results

Page 49: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

49 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Building a New System (Step 5 - Start Deployment)

Customer acceptance of service contract terms and conditions

Step 5: Agree to service usage contract

Service Usage Contract

Ready to start deployment.

Page 50: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

50 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

System Manager

Check the VM status (Running / Stopped / Deploying, etc.)

Verify the malfunction occurrence state (information about Fail-over).

Confirm the resource usage state (CPU performance index, disk space).

Operate VMs (Start / Stop / Reboot / Backup / Restore).

Configure Firewalls and Load Balancers, update the firmware.

Create VM Images and System Templates.

Running Status Display Resource Operations

Service Dashboard for checking the system status. Administrative functionalities for management of virtual systems

and VMs

Page 51: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

51 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

System Manager – Virtual System Overview

System Summary (Composition View)

System Details

Log-in to OS, Change system composition, Return machine

System Summary

Operation Buttons

List of VMs on the Selected System

Page 52: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

52 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

System Manager - Virtual Machines

VM Summary Page

Displays VM information: - VM status - VM name - IP address - Backup/restore status - Number of backups etc.

Backup Screen

Summary of stored backup data

Start backup Start restore Delete backup data

Operation Buttons

VM Summary List

Backup Data List

Backup History

Operation Buttons

VM start/shutdown

Page 53: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

53 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

System Replica Distribution

[Restriction] - FW/SLB settings cannot be copied in this function. - Private IP address and Global IP address will change. - Cannot use this function between different regions. - Please do not infringe or violate the intellectual property right of others.

With the System Replica Distribution function, users may copy configured virtual systems, virtual machines and attached additional disks, and then deploy those copied resources to another contract ID’s system

It is also possible to copy user data from one additional disk to another one in the same contract ID system

Use Case

With old contract ID's system(*1), the user cannot use high performance type of VM. However, by copying the current system to a new contract ID's system(*2), the user can user high performance type of VM. *1: Contract ID applied on before July 11, 2012 *2: Contract ID applied on after July 12, 2012

User can migrate

whole system easily.

Service Provider Capabilities

business system

business system

B

C

Contract ID: A

DMZ

Secure

DMZ

Secure

Old contract ID's system

Unable to use high performance VM

DMZ

SECURE1

New contract ID‘s system

Able to use high performance VM

DMZ

SECURE1

business system A

Contract ID: B

DMZ

Secure

business system X

Contract ID: C

DMZ

Secure

business system Y

Contract ID: D

DMZ

Secure

Copy whole virtual system

Copy VMs only

Copy only user data

in additional disk

business system A DMZ

Secure

Page 54: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

54 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Multiple private IP addresses

Private IP address (DHCP) Private IP address (Manual setting)

Multiple NIC Service

Segment Same as VM Same as VM Can connect to other segments

NIC Only 1 (default) Only 1 (default) Up to 7 additional NICs

Private IP address range setting between each segment

• Users set the range of private IP address manually on the service portal. [Addressing private IP address range]

Class A:10.0.0.0~10.255.255.255 Class B:172.16.0.0~172.21.255.255 Class C:192.168.0.0~192.168.255.255 *In the above address range, the range “10.128.0.0/16” is not available.

Private IP address configuration to a VM

Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment.

In the network address range from “xxx.xxx.xxx.151/24” to “xxx.xxx.xxx.200/24”, user can set static IP address manually.

Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment.

Firewall

Rule setting Available Available Available

NAT setting Available Available Available

SLB load balancing settings Available Unavailable Available

Private IP address display on the service portal

Available Unavailable Available

Assign multiple IP addresses to a VM. Static IP addresses can be added in addition to the automatically

allocated private IP address. Enables multi-Domain configuration of VM.

Page 55: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

55 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VPN Connection Environment Setting

Setting Internet VPN environment using static route function (Example) :

It is possible to connect Secure1 and Secure 2 network with servers on the user’s LAN by VPN connection.

Static routes can be configured within the virtual system’s Firewall settings Users can construct the Internet VPN environment on the S5 using VPN software

(e.g. OpenVPN) and the static route setting at Firewall. Enables easy configuration of Internet VPN connectivity

Trusted Public S5

VM VM

VM2 VM1 VM3

VM5 VM4 VM6

User on-premises environment

User LAN “A”

User LAN “B”

Installed OpenVPN

VPN

VPN

VPN

VPN

Installed OpenVPN Clients

DMZ

Secure1

Secure2

VM0

Page 56: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

56 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Server Console

Service Specification • Usage fee: Free

• Supported Browser: IE10/11(Windows7), Firefox ESR24(Windows7/Windows8)

• 1VM connection per one contract user

• Session time limit: 30 min

• Supported keyboard: en-us type

(1) Select target VM

(2) Click ‘Console’ button

(3) ‘Server Console’ screen will appear

Provides Command Line administration functionality Enables administration when VM connectivity has been lost; e.g. no SSH or

RDP

Page 57: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

57 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VM Import Service (1)

*For the detailed procedure from(1)to (7), refer to the next slide.

The VM Import service allows the VMware format VM image created in the vSphere and Resource Orchestrator (ROR) environments to be imported directly from the Service Portal.

Provides: • VM import functionality from legacy or 3rd party environments • Ease of migration for ad-hoc or multiple moves as part of User transition • Enhances Business Continuity options by enabling the creation of “standby” VM images

Flow of VM Import Service

(1) Prepare VM image

(2) Prepare additional disk

(3) Transfer VM image to additional disk

User

Trusted Public S5

SSL-VPN

Client machine

(4) Start “VM Import”

(5) Importing

(6) Import Completed

(7) Create VM from private image

Page 58: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

58 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VM Import Service (2)

No. Implementation items Contents Charge

(1) Prepare VM image Prepare a VM image of vmdk format on user environment.

-

(2) Prepare additional disk Create VM on the Service Portal of Trusted Public S5 and mount an additional disk.

-

(3) Transfer VM image to additional disk

Transfer the image file (vmdk) to additional disk. -

(4) Start “VM Import” Unmont the additional disk, click on “VM Import”, insert the necessary information about the image and start importing.

-

(5) Importing Import progress can be checked at “Image Manager”. -

(6) Import Completed When the import is successfully completed, the completion date is shown at “Image Manager” and a message is displayed on the Event Log.

“Image Storage Service” is charged accordingly to the image size.

(7) Create VM from private image

Create VM from the registered VM image (private image) and start using.

The usual service charges are applied. Also, other related services (such as OS License, OS Support) used with the imported VM image shall also be charged accordingly.

VM Import Workflow Details

Page 59: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

59 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VM Import Service (3)

OS Category Importable OS License Certification Image type

Windows

Windows Server 2003 R2 SE 32bit SP2

Obtain license recertification through the TPS5 KMS service.

vmdk

Windows Server 2003 R2 EE 32bit SP2 Windows Server 2008 SE 32bit SP2

Windows Server 2008 R2 SE SP1 64bit

Windows Server 2008 R2 EE SP1 64bit

Windows Server 2012 SE 64bit

CentOS (*)

CentOS 5.x 32bit

No need of recertification.

CentOS 5.x 64bit

CentOS 6.x 32bit

CentOS 6.x 64bit

Ubuntu Ubuntu Server 14LTS(64bit)

Ubuntu Server 12LTS(64bit)

The following table identifies which OS can be imported and how to certificate each of them. After importing the OS, the usual Trusted Public S5 OS charges are applied.

No additional charges are applied for VM import. However, the imported VM image is stored by the “Image Storage Service”, which is charged accordingly to the size of the image. Also, when a VM is created from the imported image, charges for the VM, OS and other related services will be charged accordingly.

Inconsistencies between VM specification on the application form and the actual VM may impact the import and operation of the VM.

Importable OS

Notice

(*) CentOS 6.0 and 6.1 are not importable.

Page 60: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

60 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

VM Import Service (4)

Item VM Image Requirements CentOS / Ubuntu

Hypervisor Vmware

Image file type .vmdk

Mandatory driver and tool Before extracting VMware image, install the following files to the target VM image. VM transfer agent / PV driver / Support tool

VMware tools If there are VMware tools installed, they must be deleted.

Network setting (local area connection)

IPv4 DHCP

Number of Network adaptor 1 adaptor

Firewall setting , security software setting

Must turn off

Sysprep In case the copy source VM and destination VM needs to be started at the same time, execute Sysprep before extracting the VM image. Otherwise, Sysprep operation is not needed.

MD5 Check Obtain the image MD5 checksum value and indicate it in the application form.

Hypervisor software for extracting vmdk file

ROR V3.1.2 Cloud Edition ESX/ESXi 5.1 and 5.0

ESX 4.1 and 4.0 ServerView Resource Orchestrator V3.1.2 Cloud Edition

ESXi 5.0.0 Client 5.0.0

VM disk size User can specify the range between 10GB and 300GB (per 10GB unit). *Allowed number of hard disk is one.

*Delete floppy drive and CDROM/DVD drive.

VM with snapshot After exporting by using “Export by OVF format” provided by vSphere client, the integrated vmdk file can be used.

BIOS/UEFI Only BIOS is supported.

Windows OS – Import Requirements and Restrictions

Page 61: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

61 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API

Page 62: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

62 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API

• Automation/systematization of operations is possible. • Users and Service Providers can build original services.

DesignStudio and System Manager functionality are provided by API. By using the API, the same functions as the GUI can be integrated

into custom applications or scripts. Secure access by client authentication.

API

Developers and System Administrators

Development of original apps that use the API

Examples: VM deploy, delete, startup, shutdown, backup, etc.

Management/operation automation apps

API

Virtual system

System

Page 63: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

63 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

API Usage Scenario

Management and Operation Automation / Systematization

Building of a Branded Service by a Third-Party.

Automation/Systematization of administrative operations

• Automatically scale up/down or backup (etc.) based on schedule or load.

• Develop original portals implementing only the necessary functions.

• Develop portals for mobile devices.

Selling via Original Brand • High-Level (PaaS/SaaS) service

System Administrator

Use only the necessary functions

Operator

Use Service (API)

Tool development

Use Mobile

Service provider’s clients

Use Service Provide Service

Use Service (API)

Provide Service

Original portal Portal for mobile Automation tools

Trusted Public S5

Service Provider Service (Third party)

Trusted Public S5

Page 64: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

64 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API – Open Cloud Alignment

Fujitsu, today, has joined the leadership board of the Open Cloud Standards Incubator in the DMTF (Distributed Management Task Force).

The Open Cloud Standards Incubator was formed as part of the DMTF Standards Incubation process, which enables like-minded DMTF members to work together and produce informational specifications that can later be fast-tracked through the standards development process. It now consists of 37 major IT companies such as IBM, Microsoft, VMware etc. By joining the leadership board, Fujitsu applies know-how of the 'Trusted-Service Platform' the Cloud Service Infrastructure provided by Fujitsu, and is promoting Could Computing standardization, promoted by the 'Open Cloud Standards Incubator'.

Fujitsu and Fujitsu Laboratories Ltd. has submitted a proposal Cloud API specification (Interface for deployment of ICT resource in the cloud, configuration, deletion) to the DMTF. We will contribute to standardization of the API.

The standardization of Cloud APIs enables users to select from a broad range of cloud computing service vendors thereby avoiding potential vendor lock-in.

http://pr.fujitsu.com/jp/news/2009/11/19.html

Cloud Computing has 2 types:

• Public/private cloud - User uses the ICT system resources as a service by a provider.

• Enterprise Cloud - User owns the ICT system and builds/installs/configures it.

Many service providers offer these 2 types of cloud system. While Cloud Computing propagate throughout the world, it is possible to lose the ease of use for users because multiple cloud APIs exist.

Therefore, to increase ease of taking advantage of cloud computing, The “Open Cloud Standards Incubator" has been established to promote Cloud API standardization associated with the world's leading IT vendors.

Page 65: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

65 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API – Examples (1)

Name of API Description

DestroyVSYS Delete the virtual system. All resources in the virtual system are discarded and becomes invalid.

GetVSYSStatus Obtain a status information of the virtual system.

GetVSYSConfiguration Obtain a configuration information of the virtual system.

GetVSYSAttributes Obtain an attribute information of the virtual system.

UpdateVSYSAttribute Update an attribute information of the virtual system.

CreateVServer Create a VM in the virtual system. Specifying the ID of the disk image, which is used for initial contents of the boot disk, is required. Request message is encoded in UTF-8.

Name of API Description

ListVServer Obtain a list of all VM IDs in the virtual system.

CreateVDisk Create additional disks in the virtual data center. Users can attach these additional disks to VMs.

ListVDisk Obtain a list of all additional disk IDs in the virtual data center. The list indicates whether additional disks are attached to the VM or not.

Operations of Virtual System

Page 66: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

66 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API –Examples (2)

Name of API Description

DestroyVServer Delete a VM.

StartVServer Start OS of the VM.

StopVServer Stop OS of the VM.

GetVServerStatus Obtain a status information of the VM.

GetVServerAttributes Obtain an attribute information of the VM.

UpdateVServerAttribute Update an attribute information of the VM.

GetVServerInitialPassword

Obtain an administrator’s initial password of the OS in the VM.

AttachVDisk Attach an additional disk to the VM.

DestroyVDisk Delete an additional disk as well as the saved data in the disk.

Name of API Description

DetachVDisk Detach an additional disk from the VM.

BackupVDisk Start a backup of additional disk. The created backup is copied to the newly-created backup disk.

RestoreVDisk Copy the contents of additional disk’s backup to the another additional disk.

ListVDiskBackup Obtain a list of the additional disk’s backups.

GetVDiskStatus Obtain a status information of the additional disk.

GetVDiskAttributes Obtain an attribute information of the additional disk.

UpdateVDiskAttribute Update an attribute information of the additional disk.

Operations of Virtual Machine Operations of Additional Disk

Page 67: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

67 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API –Examples (3)

Name of API Description

UnregisterVSYSDescriptor

Cancel a registration of the template.

GetVSYSDescriptorConfiguration

Obtain a configuration information of the template.

GetVSYSDescriptorAttributes

Obtain an attribute information of the template.

Name of API Description

CreateEFM Create a built-in server.

ListEFM Obtain a list of the built-in server.

DestroyEFM Delete a built-in server.

StartEFM Start a built-in server.

StopEFM Stop a built-in server.

GetEFMStatus Obtain a status information of the built-in server.

GetEFMAttributes Obtain an attribute information of the built-in server.

GetEFMConfiguration Obtain a configuration information of the built-in server.

UpdateEFMAttribute Update an attribute information of the built-in server. API of this version can update the built-in server name only.

UpdateEFMConfiguration Update a configuration information of the built-in server.

Operations of Template Operations of Built-in Server

Name of API Description

UnregisterDiskImage Cancel a registration of the disk image from the virtual disk center.

GetDiskImageAttributes

Obtain an attribute information of the disk image.

Operations of Disk Image

Page 68: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

68 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Cloud API – Examples (4)

Name of API Description

ListVSYSDescriptor Obtain a list of the template in the virtual data center.

CreateVSYS Create a virtual system based on the template.

ListVSYS Obtain a list of the virtual system in the virtual data center.

AllocatePublicIP Allocate the global IP address.

ListPublicIP Obtain a list of all global IP addresses in the virtual data center.

ListDiskImage Obtain a Disk Image ID in the virtual data center.

Name of API Description

FreePublicIP Release a global IP address.

AttachPublicIP Attach a global IP address to the virtual system.

DetachPublicIP Detach a global IP address from the virtual system.

GetPublicIPStatus Obtain a status information of the global IP address.

GetPublicIPAttributes Obtain an attribute information of the global IP address.

Operations of Virtual DC (*) Operations of Global IP Address

Name of API Description

StandByConsole Prepare a connection with the console.

Other Operations

(*) A hypothetical data center on the cloud where users can create and use virtual systems.

Page 69: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

69 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Charging System

Page 70: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

70 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Pay-as-you-go for the resources and functions. • Refer to the separate document for each service’s unit price.

• Operating time is rounded up to the next hour.

ex. Operating time : 1h 45min 2h

• Network traffic is rounded down to the previous GB.

ex. Network traffic : 31.5GB 31GB

Charging begins when resource/function starts to be used. • The same for when the resource type is changed.

The charging system varies depending on the service used.

(Refer to the next pages for details.)

When several systems exist within one contract, the charge is calculated separately for each service and then included in a single bill.

Charging and Payment Considerations

Page 71: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

71 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Charging System Types

Type Charging System Description Service Example

TYPE- I Rate-based (1-hour units) Charge corresponding usage time. For VMs, the unit price varies with type.

- VMs - Global IP address Service - Load Balancing Service

TYPE- II Rate-based (Monthly) Charging is performed even for a single usage. (Independent of number of VM CPU)

- VM OS Environment [Microsoft Windows Server]

TYPE- III Rate-based (Monthly and Number of CPUs)

Charging is performed even for a single usage. (Dependent on number of VM CPU)

- VM Middleware Environment [Microsoft SQL Server]

TYPE- IV Rate-based (Time and Capacity)

Perform charging according to [Usage period x Guaranteed capacity]. (Capacity is the guaranteed capacity)

- System Disk Offer Service - Additional Disk Service - Template Storage Service - Disk Service for System Backup - Disk Service for Additional Disk Backup

TYPE- V Usage amount Charging performed on the basis of usage.

-Internet connection (Not charged after SR13)

TYPE- VI Usage counts Charging performed by each single use of the service. Unit price varies by template type (network class).

- System Template Service (Charged when new system is created)

Page 72: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

72 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Usage Period Considerations [1-Hour Unit]

Round up • Usage Period : 25min + 50min + 30min = 105min (1h45min) 2 Hours Round up

15:10 15:35 16:20 17:10 20:00 20:30

15:00 16:00 17:00 18:00 19:00 20:00 21:00

25min

50min

30min

Example

Usage time is calculated by summing minutes of resource uptime.

The totals is rounded up to the next hour (adding 1 to 59min).

Page 73: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

73 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Other Terms

Page 74: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

74 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Service Level

Coverage of redundancy

S5 target availability SLA is 99.95%

Object Description

VM

Provides automatic failover. In the case of a physical server disorder, the VM is automatically assigned to a new physical server and rebooted. Data being processed at the time of disorder is not guaranteed.

Virtual Storage

(System, Data)

Copies of data are kept on 4 different physical disks. Even in the case of 3 simultaneous physical disk failures, data is not lost. All data is stored in the same DC.

Internet connection Fully redundant. The switchover time for equipment failure is within one minute.

Page 75: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

75 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

On-Site operations

• Users cannot perform installations or setups in the DC. All operations are executed remotely.

Maintenance

• The security supervision of virtual machines is user responsibility.

Data deletion (when deleting the VM)

• Data in the system disk will be erased when deleting the VM.

• Data in an additional disk will be erased when deleting the additional disk.

• Backup disks will be deleted when its system disk or additional disk is deleted.

• 'Zero writing' method is used to delete data.

Requirements (Service Portal)

• Resolution : 1280 x 1024 or better (recommended), 1024 x 768 (minimum)

• OS : Windows XP SP3 (32bit), Windows Vista SP2 (32bit), Windows7 (32bit/64bit), Windows8 (32bit/64bit)

• Browser : Internet Explorer 7/8/9/10/11, Mozilla Firefox ESR24

• Flash Player : Adobe Flash Player 10

• Java Runtime Environment : JRE 6.0 update24 or later

Other Notes

Page 76: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

76 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Security Notes

Data center • All VMs run inside Fujitsu’s safe data centers.

• No data is ever stored outside Fujitsu's data centers.

Administrator authority • Fujitsu does not have administrator authority on VMs created by users.

Security updates • Security updates of VMs OS and middleware must be applied by the user.

• Security updates of hypervisors, TPS5 management system, network and storage equipment are applied by Fujitsu.

Page 77: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

77 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015

Resource Limits

VM Service No. Items Limitation value

1 Max. number of Resource Controllers per contract No explicit limit

2 Max. number of Custom Authorization Patterns per system (Central Management Privilege pattern)

No explicit limit

3 Max. number of Custom Authorization Patterns per contract (Virtual System Management Privilege pattern)

No explicit limit

4 Max. number of systems per contract 140

5 Max. number of VMs, including SLB built-in servers, per segment (Except Firewall)

20

6 Max. number of VMs and SLB built-in servers per system (Except for Firewall)

20

7 Max. number of additional disks per system No explicit limit

8 Max. capacity of an additional disk 10TB ( =10000GB)

9 Max. number of attachable additional disks per VM

14

10 Max. number of global IP address per system 10

11 Max. number of backups per system disk No explicit limit

12 Max. number of backups per additional disk No explicit limit

13 Max. number of saved system structure (on creation)

No explicit limit

14 Max. number of saved system structure (on edit) 1

15 Max. number of simultaneous VPN connections per segment

20

No. Items Limitation value

16 Max. number of firewall rules (all directions) 800

17 Max. number of load balance groups per SLB built-in server

32

18 Max. number of VMs for load balancing per load balance group

Depends on the max. number of VMs in a

segment

19 Max. key length of the server certificate registered at SLB built-in server.

2,048bit

20 Max. file size of Error page registered at SLB built-in server.

32,767byte

21 Max. number of configuration backups per built-in server

No explicit limit

22 Max. number of user created images No explicit limit

23 Max. number of user created templates No explicit limit

24 The maximum number of possible private IP addresses

139

Page 78: FUJITSU Cloud IaaS Trusted Public S5 Service Catalog · FUJITSU Cloud IaaS Trusted Public S5 Service Catalog February, 2015 ... Speedy Just select the ... Connect via SSL-VPN,

Top Related