Designing CloudStack Clouds

Geoff HigginbottomCTO ShapeBlue

geoff.higginbottom@shapeblue.comTwitter: @CloudStackGuru

www.shapeblue.com

@CloudStackGuru

Cloud Architect & ShapeBlue CTO Specialise in….

Designing & Building Clouds based on Apache CloudStack / Citrix CloudPlatform

Developing CloudStack training Blogging and sharing CloudStack knowledge

Involved with CloudStack before donation to Apache Designed Clouds for Cloudera ,SunGard, Ascenty, BskyB, Trader

Media, M5 Hosting, Team Cymru, Interoute, University of Pennsylvania.…

CloudStack Committer

About Me

www.shapeblue.com

@CloudStackGuru

“ShapeBlue are expert builders of public &

private clouds. They are the leading global

Apache CloudStack / CloudPlatform integrator & consultancy”

About ShapeBlue

www.shapeblue.com

@CloudStackGuru

WHY?

www.shapeblue.com

@CloudStackGuru

Type of Cloud

Public

Enterprise

Test & Dev

www.shapeblue.com

@CloudStackGuru

Requirements

Type

Scale

Workloads

Portal

Integration

Bursting

Preferred Technologies

Existing Skills

Managed Services

SecurityMonitoring

Logging

SLAs

StorageTime Scales

User Experience

Templates

www.shapeblue.com

@CloudStackGuru

Design Team

Marketing

Product Development

Billing

NetworkingStorage

Compute

CloudStack ‘Expert’QA / Testing

Support

Decision Makers

www.shapeblue.com

@CloudStackGuru

Design Team need to understand CloudStack, so train them first

Training

www.shapeblue.com

@CloudStackGuru

Design Cycle

Workloads

Requirements

Hypervisor Features

Existing Skills

Networking

Storage

Design is a reiterative process, with some design decisions impacting on others

www.shapeblue.com

@CloudStackGuru

Scale

www.shapeblue.com

@CloudStackGuru

Workloads

Enterprise Workloads should be a known quantity

Public Cloud Workloads are unknown

www.shapeblue.com

@CloudStackGuru

VM Profiles Memory CPU Storage Capacity Storage IOPS

Hypervisor Overhead

Storage Performance

Network Performance

Capacity Calculations

www.shapeblue.com

@CloudStackGuru

Hypervisor Selection and Decisions in CloudStack by Tim Mackey http://

open.citrix.com/cloud-computing-vids/video/latest/hypervisor-selection-and-decisions-in-cloudstack-by-tim-mackey.html

Existing Skills Feature Comparison

Zone Type, Snapshots, VXLAN, IPv6, SDN, VPC, PVLAN, Storage Licensing Costs Supportability Traditional Server vs Blades More than one – Hypervisor Agnostic

Hypervisor Choice

www.shapeblue.com

@CloudStackGuru

Heavily influenced by Requirements, Scale, and Zone modes

Is often the driver for other technology choices

Avoid Single Points of Failure Keep it simple

Networking

www.shapeblue.com

@CloudStackGuru

‘One size sits fits all’ may not be the best approach Each Zone can be a different Network Type

Basic Basic + Security Groups Basic + Security Groups + EIP / ELB Advanced Advanced + Security Groups

Zone Networking Modes

www.shapeblue.com

@CloudStackGuru

How many NICs 10GB / 1GB Bonding / Multipath Converged Traffic Allocations

Management Guest Public Storage

High Bandwidth Services

Hypervisor Networking

www.shapeblue.com

@CloudStackGuru

Primary Storage Local

Lack of HA Shared

NFS iSCSI Fibre Channel

Performance is critical, IOPS are king

Storage

www.shapeblue.com

@CloudStackGuru

Secondary Storage NFS S3 Swift

Storage

www.shapeblue.com

@CloudStackGuru

Resource Allocation All Public Some Public, Some

Dedicated All Dedicated

Reseller Model Account/Domain

Relationship 1-to-1 1-to-many

Domains and Accounts

www.shapeblue.com

@CloudStackGuru

Allocate resources to VMs CPU RAM Storage Performance Tagging

Cost associated with them Public or Private (linked to Domains) Keep them realistic

Service Offerings

www.shapeblue.com

@CloudStackGuru

Pre-Defined VM images Base OS, or fully installed Apps Licensing (RHEL, Windows) Self Build via ISOS Allow user generated Public? Allow user upload / download? Lifecycle Management

Templates & ISOs

www.shapeblue.com

@CloudStackGuru

Define test and acceptance criteria Develop test plans (manual UI and scripted API) Run tests to confirm initial build is good Use tests for testing future upgrades and expansions

Testing

www.shapeblue.com

@CloudStackGuru

Add on Services

Billing

Object Storage

VM Monitoring

Managed Services

Backup

Anti Virus

www.shapeblue.com

@CloudStackGuru

Management Farm

CloudStack Management

SQL DB

LDAP

DNS

Load Balancers

Portal

Billing

Monitoring

3rd Party Services

Automation

Admin

vCenter

www.shapeblue.com

@CloudStackGuru

CS M

anag

emen

t Ser

vers

CS M

ySql

Ser

vers

Net

Scal

er V

PXs

CM A

utom

ation

Ser

ver

Dep

loym

ent

Serv

er

Am

ysta

App

Ser

ver

Am

ysta

MyS

QL

Serv

er

Management Hosts

Compute Hosts

Secondary Primary

DC1 Software Management Farm

Guest Networks (Multiple VLANs)

Public Networks (Multiple VLANs)

DC1 Compute

Management Network

Secondary Storage Network (NFS) Primary Storage Network (iSCSI or NFS)

Management VMs Storage Network

CS M

anag

emen

t Ser

vers

CS M

ySql

Ser

vers

Net

Scal

er V

PXs

CM A

utom

ation

Ser

ver

Dep

loym

ent

Serv

er

Am

ysta

App

Ser

ver

Am

ysta

MyS

QL

Serv

er

Core Network

Management HostsManagement VMs

Storage Network

Compute HostsGuest Networks (Multiple VLANs)

Public Networks (Multiple VLANs)

Primary Secondary

Primary Storage Network (iSCSI or NFS) Secondary Storage Network (NFS)

Users Portal Access

WWW WWW

Tennant 1 Tennant 2 Tennant 3

WWW

Tennant 1 Tennant 2 Tennant 3

Private Cloud Tennant VMs on Compute in either DC1 or DC2Each Network is isolated via VLANs or SDN technologies.

Public Cloud Tennant VMs on Compute in either DC1 or DC2

Each Tennant has an Isolated Network protected by Virtual Router/Firewall.

Each Network is isolated via VLANs or SDN technologies.

Virtual Routers Public Networks are connected directly to the Internet enabling users to have full control of Firewall & Load Balancing features.

DC2 Compute

DC2 Software Management Farm

Virtual Routers

Guest Networks

Guest VMs

Public Network(s)

Management Network

Client access to Portal is Global Load Balanced by Citrix NetScaler VPXs running on Management Farm using One-Arm Configurations

Firewall functionality should be provided by

existing Firewalls running in HA Pair

Direct Access to Virtual Routers

1.0 15/08/13 1st release G Higginbottom / G SirettVer Date Description Issuer/ Reviewer

Example Logical Network Diagram Dual Zone

Netw

ork

Dia

gra

m

www.shapeblue.com

@CloudStackGuru

Production Very Strict Configuration Management

Pre-Production Same design as Production Smaller, but with all key components Strict Configuration Management

Testing Probably gets rebuilt every few months

Just the one Cloud?

www.shapeblue.com

@CloudStackGuru

“Build it and they will come” is the motto of a fool.

“Build it, take it to them, ask them to buy and serve them well”

is the motto of a successful person.© Larry Winget

www.shapeblue.com

@CloudStackGuru

“Design for tomorrow, build for today”

© Geoff Higginbottom 2013

Designing CloudStack Clouds

Geoff HigginbottomCTO ShapeBlue

geoff.higginbottom@shapeblue.comTwitter: @CloudStackGuru