CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide. Revised October 27, 2013 10:50 pm Pacific. Citrix CloudPlatform
Chapter 11. Working With Virtual Machines (p. 90): The default format of the internal name is i-<user_id>-<vm_id>-<instance.name>, where inst
Affinity Groups (p. 91): • Host tags. The administrator can assign tags to hosts. These tags can be used to specify which host a VM should use. The CloudPlatfo
Chapter 11. Working With Virtual Machines (p. 92): 5. Click the Change Affinity button. View Members of an Affinity Group. To see which VMs are currently assigne
Limitations on VM Snapshots (p. 93): 11.9.1. Limitations on VM Snapshots. • If a VM has some stored snapshots, you can't attach new volume to the VM or del
Chapter 11. Working With Virtual Machines (p. 94): Note: If a snapshot is already in progress, then clicking this button will have no effect. 5. Provide a name a
Changing the Service Offering for a VM (p. 95): 6. Make the desired changes to the following: • Display name: Enter a new display name if you want to change th
Chapter 11. Working With Virtual Machines (p. 96): with previous versions will not have the dynamic scaling capability unless you update them using the followi
Resetting the Virtual Machine Root Volume on Reboot (p. 97): • When scaling memory or CPU for a Linux VM on VMware, you might need to run scripts in addition t
Chapter 11. Working With Virtual Machines (p. 98): Note: If the VM's storage has to be migrated along with the VM, this will be noted in the host list. Clou
Adding an ISO (p. 99): contains an OS image. CloudPlatform allows a user to boot a guest VM off of an ISO image. Users can also attach ISO images to guest VMs.
Chapter 1. Getting More Information and Help (p. 1): 1.1. Additional Documentation Available. The following guides are available: • Installation Guide — Covers in
Chapter 11. Working With Virtual Machines (p. 100): Note: It is not recommended to choose an older version of the OS than the version in the image. For example,
Changing a VM's Base Image (p. 101): type of image). When this call occurs, the VM's root disk is first destroyed, then a new root disk is created fr
Chapter 12. Working With Hosts (p. 103): 12.1. Adding Hosts. Additional hosts can be added at any time to provide more capacity for guest VMs. For requirements an
Chapter 12. Working With Hosts (p. 104): 1. In the Resources pane, select the server, then do one of the following: • Right-click, then click Enter Maintenance
Removing XenServer and KVM Hosts (p. 105): 12.4.1. Removing XenServer and KVM Hosts. A node cannot be removed from a cluster until it has been placed in mainten
Chapter 12. Working With Hosts (p. 106): orchestrate. CloudPlatform can automatically understand the UCS environment, server profiles, etc. so CloudPlatform ad
Disassociating a Profile from a UCS Blade (p. 107): 6. Click the name of the UCS Manager. A list is displayed that shows the names of the blades that are insta
Chapter 12. Working With Hosts (p. 108):
mysql> select id from cloud.host where name like '%h%';
4. This should return a single ID. Record the set
Limitations on Over-Provisioning in XenServer and KVM (p. 109): 12.9.1. Limitations on Over-Provisioning in XenServer and KVM. • In XenServer, due to a constrai
Chapter 12. Working With Hosts (p. 110): done, CloudPlatform recalculates or scales the used and reserved capacities based on the new over-provisioning ratios
VLAN Allocation Example (p. 111): CloudPlatform manages VLANs differently based on hypervisor type. For XenServer or KVM, the VLANs are created on only the hos
Chapter 12. Working With Hosts (p. 112): 5. Click Physical Network. 6. In the Guest node of the diagram, click Configure. 7. Click Edit. The VLAN Ranges field now
Chapter 13. Working with Templates (p. 113): A template is a reusable configuration for virtual machines. When users launch VMs, they can choose from a list of
Chapter 13. Working with Templates (p. 114): A default template is provided for each of XenServer, KVM, and vSphere. The templates that are downloaded depend o
Creating a Template from a Snapshot (p. 115): • Name and Display Text. These will be shown in the UI, so choose something descriptive. • OS Type. This helps Cl
Chapter 13. Working with Templates (p. 116): Templates are uploaded based on a URL. HTTP is the supported access protocol. Templates are frequently large files
Exporting Templates (p. 117): 13.9. Exporting Templates. End users and Administrators may export templates from the CloudPlatform. Navigate to the template in th
Chapter 13. Working with Templates (p. 118): 1. Download and install the Windows AIK. Note: Windows AIK should not be installed on the Windows 2008 R2 VM you just
System Preparation for Windows Server 2008 R2 (p. 119): b. You need to automate the Software License Terms Selection page, otherwise known as the End-User Lice
Chapter 2. Concepts (p. 3): 2.1. What Is CloudPlatform? CloudPlatform is a software platform that pools computing resources to build public, private, and hybrid
Chapter 13. Working with Templates (p. 120): c. Make sure the license key is properly set. If you use MAK key, you can just enter the MAK key on the Windows 20
System Preparation for Windows Server 2003 R2 (p. 121): You may read the AIK documentation and set many more options that suit your deployment. The steps above
Chapter 13. Working with Templates (p. 122): a. Select Create New to create a new Answer File. b. Enter “Sysprep setup” for the Type of Setup. c. Select the app
Importing Amazon Machine Images (p. 123): You need to have a XenServer host with a file-based storage repository (either a local ext3 SR or an NFS SR) to conve
Chapter 13. Working with Templates (p. 124):
# cat etc/fstab
/dev/xvda / ext3 defaults 1 1
/dev/xvdb /mnt ext3 defaults 0 0
no
Converting a Hyper-V VM to a Template (p. 125):
# scp CentOS_6.2_x64 xenhost:/var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799/
15. Log in to the Xenserve
Chapter 13. Working with Templates (p. 126): 3. Name the VM, choose the NFS VHD SR under Storage, enable "Run Operating System Fixups" and choose the
Linux OS Installation (p. 127): new password to the virtual router for the account. Thus an instance reboot is necessary to effect any password changes. If the
Chapter 14. Working With Storage (p. 129): 14.1. Storage Overview. CloudPlatform defines two types of storage: primary and secondary. Primary storage can be acce
Chapter 2. Concepts (p. 4): Massively Scalable Infrastructure Management. CloudPlatform can manage tens of thousands of servers installed in multiple geographic
Chapter 14. Working With Storage (p. 130): Table columns: VMware vSphere; Citrix XenServer; KVM; Oracle VM. Row "Fiber Channel support": VMFS; Yes, via Existing SR; Yes, via Shared Mountpoint; No. NF
Maintenance Mode for Primary Storage (p. 131): 14.2.5. Maintenance Mode for Primary Storage. Primary storage may be placed into maintenance mode. This is useful
Chapter 14. Working With Storage (p. 132): Then log in to the CloudPlatform UI and stop and start (not reboot) the Secondary Storage VM for that Zone. 14.3.3. C
Uploading an Existing Volume to a Virtual Machine (p. 133): local data volumes can be attached to virtual machines, detached, re-attached, and deleted just as
Chapter 14. Working With Storage (p. 134): 4. Click Upload Volume. 5. Provide the following: • Name and Description. Any desired name and a brief description th
Detaching and Moving Volumes (p. 135): 14.4.4. Detaching and Moving Volumes. Note: This procedure is different from moving volumes from one storage pool to anothe
Chapter 14. Working With Storage (p. 136): Note: Because of a limitation in VMware, live migration of storage for a VM is allowed only if the source and target s
Resizing Volumes (p. 137): 1. Log in to the CloudPlatform UI as a user or admin. 2. In the left navigation bar, click Instances, and click the VM name. 3. (KVM
Chapter 14. Working With Storage (p. 138): 4. Select the volume name in the Volumes list, then click the Resize Volume button. 5. In the Resize Volume pop-up, c
Automatic Snapshot Creation and Retention (p. 139): CloudPlatform supports snapshots of disk volumes. Snapshots are a point-in-time capture of virtual machine
Management Server Overview (p. 5): A more full-featured installation consists of a highly-available multi-node Management Server installation and up to thousan
Chapter 14. Working With Storage (p. 140): When a snapshot is taken manually, a snapshot is always created regardless of whether a volume has been active or no
Chapter 15. Working with Usage (p. 141): The Usage Server is an optional, separately-installed part of CloudPlatform that provides aggregated usage records whic
Chapter 15. Working with Usage (p. 142): Table columns: Parameter Name; Description. Default: The time zone of the management server. usage.sanity.check.interval: The number of da
Setting Usage Limits (p. 143): • enable.usage.server = true • usage.execution.timezone = America/New_York • usage.stats.job.exec.time = 07:00. This will run the
Chapter 15. Working with Usage (p. 144): Table columns: Parameter Name; Description. max.account.primary.storage (GB): Maximum primary storage space that can be used for an accou
Default Account Resource Limits (p. 145): Table columns: Parameter Name; Definition. max.volume.size.gb: Maximum size for a volume in GB. network.throttling.rate: The default data
Chapter 15. Working with Usage (p. 146): 15.2.3. Per-Domain Limits. CloudPlatform allows the configuration of limits on a domain basis. With a domain limit in p
Chapter 16. Managing Networks and Traffic (p. 147): In a CloudPlatform, guest VMs can communicate with each other using shared infrastructure with the security
Chapter 16. Managing Networks and Traffic (p. 148): Servers are connected as follows: • Storage devices are connected to only the network that carries manageme
Basic Zone Physical Network Configuration (p. 149): A firewall for management traffic operates in the NAT mode. The network typically is assigned IP addresses
Chapter 2. Concepts (p. 6): • Zone: Typically, a zone is equivalent to a single datacenter. A zone consists of one or more pods and secondary storage. • Pod: A
Chapter 16. Managing Networks and Traffic (p. 150): 1. In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which y
Configuring a Shared Guest Network (p. 151): 16.5.3. Configuring a Shared Guest Network. 1. Log in to the CloudPlatform UI as administrator. 2. In the left navig
Chapter 16. Managing Networks and Traffic (p. 152): • Network Domain: A custom DNS suffix at the level of a network. If you want to assign a special domain nam
Enabling Security Groups (p. 153): 16.6.3. Enabling Security Groups. In order for security groups to function in a zone, the security groups feature must first
Chapter 16. Managing Networks and Traffic (p. 154): • Account, Security Group. (Add by Account only) To accept only traffic from another security group, enter
About Using a NetScaler Load Balancer (p. 155): An external Juniper SRX or Cisco ASA can be used for: • Source NAT • Static NAT • Firewall • Port forwarding. A NetS
Chapter 16. Managing Networks and Traffic (p. 156): Table columns: NetScaler ADC Type; Description of Capabilities; CloudPlatform Supported Features. act as application firewall
Initial Setup of External Firewalls and Load Balancers (p. 157):
# sec.name source community
com2sec local localhost public
com2sec
Chapter 16. Managing Networks and Traffic (p. 158): The following objects are created on the load balancer: • A new VLAN that matches the account's provis
Configuring AutoScale (p. 159): 6. In the Load Balancing node of the diagram, click View All. In a Basic zone, you can also create a load balancing rule withou
Networking Overview (p. 7): • Basic. Provides a single network where guest isolation can be provided through layer-3 means such as security groups (IP address
Chapter 16. Managing Networks and Traffic (p. 160): VMs automatically and launching new VMs when you need them, without the need for manual intervention. NetSca
Configuring AutoScale (p. 161): Configuration. Specify the following: • Template: A template consists of a base OS image and application. A template is used to p
Chapter 16. Managing Networks and Traffic (p. 162): Note: If an application, such as SAP, running on a VM instance is down for some reason, the VM is then not co
Configuring AutoScale (p. 163): • Polling interval: Frequency in which the conditions, combination of counter, operator and threshold, are to be evaluated befo
Chapter 16. Managing Networks and Traffic (p. 164): Runtime Considerations. • An administrator should not assign a VM to a load balancing rule which is configur
Global Server Load Balancing (p. 165): You can delete or modify existing health check policies. To configure how often the health check is performed by default
Chapter 16. Managing Networks and Traffic (p. 166): • Load Balancing or Content Switching Virtual Servers: According to Citrix NetScaler terminology, a load ba
Configuring GSLB (p. 167): Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A configures a GSLB rule to load balance traffic
Chapter 16. Managing Networks and Traffic (p. 168): To configure GSLB in your cloud environment, as a cloud administrator you must first configure a standard l
Configuring GSLB (p. 169): 3. In each zone that is participating in GSLB, add a GSLB-enabled NetScaler device. For more information, see Section 16.9.2.2, “Enab
Chapter 16. Managing Networks and Traffic (p. 170): 3. In Zones, click View More. 4. Choose the zone you want to work with. 5. Click the Physical Network tab, t
Configuring GSLB (p. 171): 6. Specify the following: • Name: Name for the GSLB rule. • Description: (Optional) A short description of the GSLB rule that can be
Chapter 16. Managing Networks and Traffic (p. 172): 7. Click assign more load balancing. 8. Select the load balancing rule you have created for the zone. 9. Cli
Reconfiguring Networks in VMs (p. 173): This feature is supported on XenServer, VMware, and KVM hypervisors. 16.10.2.1. Prerequisites. For adding or removing net
Chapter 16. Managing Networks and Traffic (p. 174): 2. In the left navigation, click Instances. 3. Choose the VM that you want to work with. 4. Click the NICs t
Reserving Public IP Addresses and VLANs for Accounts (p. 175): 16.14. Reserving Public IP Addresses and VLANs for Accounts. CloudPlatform provides you the abilit
Chapter 16. Managing Networks and Traffic (p. 176): • Domain: The domain associated with the account. To create a new IP range and assign an account, perform t
IP Reservation in Isolated Guest Networks (p. 177): • Domain: The domain associated with the account. 16.15. IP Reservation in Isolated Guest Networks. In isolat
Chapter 16. Managing Networks and Traffic (p. 178): Table columns: Case; CIDR; Network CIDR; Reserved IP Range for Non-CloudPlatform VMs; Description. CIDR field in the UI. 3 10.1.1.0/
Use Cases (p. 179): supported on all the network configurations—Basic, Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supporte
Chapter 3. Cloud Infrastructure Concepts (p. 9): 3.1. About Regions. To increase reliability of the cloud, you can optionally group resources into multiple geogr
Chapter 16. Managing Networks and Traffic (p. 180): passed, NAT is configured on the specified private IP of the VM. If not passed, NAT is configured on the pr
About Elastic IP (p. 181): 10. Specify the following: All the fields are mandatory. • Gateway: The gateway for the tier you create. Ensure that the gateway is w
Chapter 16. Managing Networks and Traffic (p. 182): services if a NetScaler device is deployed in your zone. Consider the following illustration for more detai
Portable IPs (p. 183): Note: Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination IP address is replaced in the packets from the
Chapter 16. Managing Networks and Traffic (p. 184): The salient features of Portable IP are as follows: • IP is statically allocated • IP need not be associated
Transferring Portable IP (p. 185): 6. Specify whether you want cross-zone IP or not. 7. Click Yes in the confirmation dialog. Within a few moments, the new IP a
Chapter 16. Managing Networks and Traffic (p. 186): 5. Click the IP address you want to work with. 6. Click the Static NAT button. The button toggles between E
Egress Firewall Rules in an Advanced Zone (p. 187): 2. In the left navigation, choose Network. 3. In Select view, choose Guest networks, then click the Guest n
Chapter 16. Managing Networks and Traffic (p. 188): a. Log in with admin privileges to the CloudPlatform UI. b. In the left navigation bar, click Service Offer
Port Forwarding (p. 189): • ICMP Type and ICMP Code. Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out
Chapter 3. Cloud Infrastructure Concepts (p. 10): The benefit of organizing infrastructure into zones is to provide physical isolation and redundancy. For exam
Chapter 16. Managing Networks and Traffic (p. 190): • Least connection • Source IP. This is similar to port forwarding but the destination may be multiple IP add
Using Remote Access VPN with Windows (p. 191): • remote.access.vpn.psk.length – Length of the IPSec key. • remote.access.vpn.user.limit – Maximum number of VPN
Chapter 16. Managing Networks and Traffic (p. 192): 12. Enter the user name and password from step 1. 16.24.3. Using Remote Access VPN with Mac OS X. First, be s
Setting Up a Site-to-Site VPN Connection (p. 193): Note: In addition to the specific Cisco and Juniper devices listed above, the expectation is that any Cisco or
Chapter 16. Managing Networks and Traffic (p. 194): Provide the following information: • Name: A unique name for the VPN customer gateway you create. • Gateway:
Setting Up a Site-to-Site VPN Connection (p. 195): Note: The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data tha
Chapter 16. Managing Networks and Traffic (p. 196): Note: When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways must generate a new s
Setting Up a Site-to-Site VPN Connection (p. 197): The VPC page is displayed where all the tiers you created are listed in a diagram. 5. Click the Settings ico
Chapter 16. Managing Networks and Traffic (p. 198): All the VPCs that you create for the account are listed in the page. 4. Click the Configure button of the V
Setting Up a Site-to-Site VPN Connection (p. 199): • Gateway • State • IPSec Preshared Key • IKE Policy • ESP Policy. 16.24.4.4. Restarting and Removing a VPN Conne
About Pods (p. 11): For each zone, the administrator must decide the following. • How many pods to place in a zone. • How many clusters to place in each pod. • H
Chapter 16. Managing Networks and Traffic (p. 200): 9. To remove a VPN connection, click the Delete VPN connection button. To restart a VPN connection, click t
Prerequisites (p. 201): • Understanding Private VLANs [8] • Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment [9] • Private VLAN (PVL
Chapter 16. Managing Networks and Traffic (p. 202): 9. Click Add guest network. The Add guest network window is displayed. 10. Specify the following: • Name: The
About Inter-VLAN Routing (p. 203): This feature is supported on XenServer and VMware hypervisors. The major advantages are: • The administrator can deploy a set
Chapter 16. Managing Networks and Traffic (p. 204): To set up a multi-tier Inter-VLAN deployment, see Section 16.27, “Configuring a Virtual Private Cloud”. 16.
About Virtual Private Clouds (p. 205): • Private Gateway: All the traffic to and from a private network routed to the VPC through the private gateway. For more
Chapter 16. Managing Networks and Traffic (p. 206): • All network tiers inside the VPC should belong to the same account. • When a VPC is created, by default,
Adding Tiers (p. 207): Provide the following information: • Name: A short name for the VPC that you are creating. • Description: A brief description of the VPC.
Chapter 16. Managing Networks and Traffic (p. 208): Note: The end users can see their own VPCs, while root and domain admin can see any VPC they are authorized t
Configuring Network Access Control List (p. 209): For more information, see Section 12.10.3, “Assigning VLANs to Isolated Networks”. • Netmask: The netmask for
Chapter 3. Cloud Infrastructure Concepts (p. 12): 3.4. About Clusters. A cluster provides a way to group hosts. To be precise, a cluster is a XenServer server p
Chapter 16. Managing Networks and Traffic (p. 210): • Virtual Machines • CIDR. The following router information is displayed: • Private Gateways • Public IP Addres
Configuring Network Access Control List (p. 211): protocol is typically used to send error messages or network monitoring data. All supports all the traffic. O
Chapter 16. Managing Networks and Traffic (p. 212): 16.27.5. Adding a Private Gateway to a VPC. A private gateway can be added by the root admin only. The VPC p
Adding a Private Gateway to a VPC (p. 213): 8. Specify the following: • Physical Network: The physical network you have created in the zone. • IP Address: The I
Chapter 16. Managing Networks and Traffic (p. 214): gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in VPC reaches the enterprise networ
Deploying VMs to the Tier (p. 215): 16.27.5.4. Blacklisting Routes. CloudPlatform enables you to block a list of routes so that they are not assigned to any of
Chapter 16. Managing Networks and Traffic (p. 216): For more information about how the templates came to be in this list, see Chapter 13, Working with Template
Releasing an IP Address Allotted to a VPC (p. 217): The VPC page is displayed where all the tiers you created are listed in a diagram. The following options are
Chapter 16. Managing Networks and Traffic (p. 218): • Static NAT • Virtual Machines • CIDR. The following router information is displayed: • Private Gateways • Publ
Adding Load Balancing Rules on a VPC (p. 219): The following router information is displayed: • Private Gateways • Public IP Addresses • Site-to-Site VPNs • Netwo
About Hosts (p. 13): server with CloudPlatform. There may be multiple vCenter servers per zone. Each vCenter server may manage multiple VMware clusters. 3.5. Ab
Chapter 16. Managing Networks and Traffic (p. 220): 2. Create a network offering, as given in Section 16.27.11.1.2, “Creating a Network Offering for Public LB”
Adding Load Balancing Rules on a VPC (p. 221): 16.27.11.1.3. Creating a Public LB Rule. 1. Log in to the CloudPlatform UI as an administrator or end user. 2. In
Chapter 16. Managing Networks and Traffic (p. 222): • Source • Stickiness. (Optional) Click Configure and choose the algorithm for the stickiness policy. See St
Adding Load Balancing Rules on a VPC (p. 223): 16.27.11.2.2. Enabling Internal LB on a VPC Tier. 1. Create a network offering, as given in Section 16.27.11.2.4,
Chapter 16. Managing Networks and Traffic (p. 224): • Name: Any desired name for the network offering. • Description: A short description of the offering that
Adding a Port Forwarding Rule on a VPC (p. 225): • Name: A name for the load balancer rule. • Description: A short description of the rule that can be displaye
Chapter 16. Managing Networks and Traffic (p. 226): The IP Addresses page is displayed. 6. Click the IP address for which you want to create the rule, then cli
Editing, Restarting, and Removing a Virtual Private Cloud (p. 227): 16.27.14. Editing, Restarting, and Removing a Virtual Private Cloud. Note: Ensure that all the
Chapter 16. Managing Networks and Traffic (p. 228): • When you create a guest network, the network offering that you select defines the network persistence. Th
Chapter 17. Working with System Virtual Machines (p. 229): CloudPlatform uses several types of system virtual machines to perform tasks in the cloud. In genera
Chapter 3. Cloud Infrastructure Concepts (p. 14): • Dell EqualLogic™ for iSCSI • Network Appliances filers for NFS and iSCSI • Scale Computing for NFS. If you int
Chapter 17. Working with System Virtual Machines (p. 230): The VNC traffic never goes through the guest virtual IP, and there is no need to enable VNC within
Virtual Router (p. 231): d. Convert your private key format into PKCS#8 encrypted format.
openssl pkcs8 -topk8 -in yourprivate.key -out yourprivate.pkcs8.encry
Chapter 17. Working with System Virtual Machines (p. 232): 17.4.2. Upgrading a Virtual Router with System Service Offerings. When CloudPlatform creates a virtua
Chapter 18. System Reliability and High Availability (p. 233): 18.1. HA for Management Server. The CloudPlatform Management Server should be deployed in a multi-
Chapter 18. System Reliability and High Availability (p. 234): 18.4. Primary Storage Outage and Data Loss. When a primary storage outage occurs, all hosts in th
Limitations on API Throttling (p. 235): 18.6.2. Limitations on API Throttling. The following limitations exist in the current implementation of this feature. Not
Chapter 19. Managing the Cloud (p. 237): 19.1. Using Tags to Organize Resources in the Cloud. A tag is a key-value pair that stores metadata about a resource in
Chapter 19. Managing the Cloud (p. 238): • listNetworkACLs • listStaticRoutes. 19.2. Setting Configuration Parameters. 19.2.1. About Configuration Parameters. CloudP
Setting Global Configuration Parameters (p. 239): Table columns: Field; Value. host: This is the IP address of the Management Server. If you are using multiple Management Servers
Basic Zone Network Traffic Types (p. 15): type for each network vary depending on whether you are creating a zone with basic networking or advanced networking.
Chapter 19. Managing the Cloud (p. 240): 4. Click the name of the resource where you want to set a limit. 5. Click the Settings tab. 6. Use the search box to na
Granular Global Configuration Parameters (p. 241): Table columns: Field; Field; Value. are sent that the available memory is below the threshold. cluster: cluster.cpu.allocated.cap
Chapter 19. Managing the Cloud (p. 242): Table columns: Field; Field; Value. because the available storage capacity is below the threshold. zone: storage.overprovisioning.factor: Us
Customizing Alerts with Global Configuration Settings (p. 243): For a list of CloudPlatform alerts, see Appendix B, Alerts. For the most up-to-date list, call
Chapter 19. Managing the Cloud (p. 244): Each SNMP trap contains the following information: message, podId, dataCenterId, clusterId, and generationTime. 19.4.2.
Customizing the Network Domain Name (p. 245): </appender> The following example shows how to configure two Syslog managers at IP addresses 10.1.1.1 and 10
Chapter 19. Managing the Cloud (p. 246): • For all networks, if a network domain is specified as part of a network's own configuration, that value is used
Chapter 20. CloudPlatform API (p. 247): The CloudPlatform API is a low level API that has been used to implement the CloudPlatform web UIs. It is also a good ba
Chapter 20. CloudPlatform API (p. 248): • local-hostname. The hostname of the VM • public-ipv4. The first public IP for the router. (E.g. the first IP of eth2)
Chapter 21. Tuning (p. 249): This section provides tips on how to improve the performance of your cloud. 21.1. Performance Monitoring. Host and guest performance
Chapter 3. Cloud Infrastructure Concepts (p. 16): you must also configure a network to carry public traffic. CloudPlatform takes care of presenting the necessa
Chapter 21. Tuning (p. 250): For more information about the buffer pool, see "The InnoDB Buffer Pool" at MySQL Reference Manual [2]. 21.4. Set and Monito
Chapter 22. Troubleshooting (p. 251): 22.1. Events. An event is essentially a significant or meaningful change in the state of both virtual and physical resources
Chapter 22. Troubleshooting (p. 252): Configuration. As a CloudPlatform administrator, perform the following one-time configuration to enable event notification
Event Log Queries (p. 253): • INFO. This event is generated when an operation has been successfully performed. • WARN. This event is generated in the following
Chapter 22. Troubleshooting (p. 254): 22.1.6.1. Permissions. Consider the following: • The root admin can delete or archive one or multiple alerts or events. • Th
Log Collection Utility cloud-bugtool (p. 255): 22.3. Log Collection Utility cloud-bugtool. CloudPlatform provides a command-line utility called cloud-bugtool to
Chapter 22. Troubleshooting (p. 256): Cause: It is possible that a client from outside the intended pool has mounted the storage. When this occurs, the LVM is wi
Unable to deploy VMs from uploaded vSphere template (p. 257): Cause: The CloudPlatform administrator UI was used to place the host in scheduled maintenance mode
Chapter 22. Troubleshooting (p. 258): VMware Knowledge Base Article [1]. 22.9. Load balancer rules fail after changing network offering. Symptom: After changing the net
Appendix A. Event Types (p. 259):
VM.CREATE | TEMPLATE.EXTRACT | SG.REVOKE.INGRESS
VM.DESTROY | TEMPLATE.UPLOAD | HOST.RECONNECT
VM.START | TEMPLATE.CLEANUP | MAINT.CANCEL
V
Advanced Zone Public IP Addresses (p. 17): 3.8.5. Advanced Zone Public IP Addresses. When advanced networking is used, the administrator can create additional n
Appendix B. Alerts (p. 261): The following is the list of alert type numbers. The current alerts can be found by calling the listAlerts API command.
MEMORY = 0
Appendix B. Alerts (p. 262):
STORAGE_DELETE = 20 // Failed to delete storage pool
UPDATE_RESOURCE_COUNT = 21 // Failed to update the resource count
USAGE_SANITY
Chapter 4. Accounts (p. 19): 4.1. Accounts, Users, and Domains. Accounts. An account typically represents a customer of the service provider or a department in a l
Chapter 4. Accounts (p. 20): 4.1.1. Dedicating Resources to Accounts and Domains. The root administrator can dedicate resources to a specific domain or account
Using an LDAP Server for User Authentication (p. 21): If you delete an account or domain, any hosts, clusters, pods, and zones that were dedicated to it are fr
Chapter 4. Accounts (p. 22): 5. Specify the following: • Bind DN: The full distinguished name (DN), including common name (CN), of an LDAP user account that has
Example LDAP Configuration Commands (p. 23): 6. Click OK. 4.2.1.2. Removing an LDAP Configuration. 1. Log in to the CloudPlatform. 2. From the left navigational b
Chapter 4. Accounts (p. 24): depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation.
Search User Bind DN (p. 25): (&(sAMAccountName=%u) or (&(mail=%e)) 4.2.5. Search User Bind DN. The bind DN is the user on the external LDAP server permi
Chapter 5. User Services Overview (p. 27): In addition to the physical and logical infrastructure of your cloud, and the CloudPlatform software and servers, you
Chapter 6. User Interface (p. 29): 6.1. Supported Browsers. The CloudPlatform web-based UI is available in the following popular browsers: • Mozilla Firefox 22 or
Chapter 6. User Interface (p. 30): 6.2.2. Root Administrator's UI Overview. The CloudPlatform UI helps the CloudPlatform administrator provision, view, and
Changing the Root Password (p. 31): Warning: You are logging in as the root administrator. This account manages the CloudPlatform deployment, including physical
Chapter 6. User Interface (p. 32): For more information on creating a new instance, see Section 11.4, “Creating VMs”. 2. Download the script file cloud-set-gue
Creating an Instance (p. 33): 2. Copy the key data into a file. The file looks like this:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCSydmnQ67jP6lNoXdX3noZjQ
Chapter 7. Using Projects to Organize Users and Resources (p. 35): 7.1. Overview of Projects. Projects are used to organize people and resources. CloudPlatform us
Chapter 7. Using Projects to Organize Users and Resources (p. 36): 1. Log in as administrator to the CloudPlatform UI. 2. In the left navigation, click Global
Creating a New Project (p. 37): 3. In the search box, type allow.user.create.projects. 4. Click the edit button to set the parameter. allow.user.create.projects
Chapter 7. Using Projects to Organize Users and Resources (p. 38): 5. Click the Invitations tab. 6. In Add by, select one of the following: a. Account – The inv
Suspending or Deleting a Project (p. 39): 7.6. Suspending or Deleting a Project. When a project is suspended, it retains the resources it owns, but they can no
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (p. 41): This section tells how to add regions, zones, pods, clusters, hosts, storage, and networks t
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (p. 42): 8.2. Adding Regions (optional). Grouping your cloud resources into geographic regions is an
Adding Third and Subsequent Regions (p. 43): 3. Now add the new region to region 1 in CloudPlatform. a. Log in to CloudPlatform in the first region as root adm
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (p. 44): 2. Once the Management Server is running, add your new region to all existing regions by r
Adding a Zone (p. 45): 2. In the left navigation bar, click Regions. 3. Click the name of the region you want to delete. 4. Click the Remove Region button. 5. Re
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (p. 46): This process will require approximately 5 GB of free space on the local file system and up
Steps to Add a New Zone (p. 47): For more information about the network types, see Network Setup. 7. The rest of the steps differ depending on whether you chos
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (p. 48): The traffic types are management, public, guest, and storage traffic. For more information
Steps to Add a New Zone (p. 49): • Pod Name. A name for the pod. • Reserved system gateway. The gateway for the hosts in that pod. • Reserved system netmask. Th
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 50): • KVM vSphere Installation and Configuration • Oracle VM (OVM) Installation and Configurati
Steps to Add a New Zone (page 51): • Public. A public zone is available to all users. A zone that is not public will be assigned to a particular domain. Only use
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 52): 4. Click Next. 5. Configure the IP range for public Internet traffic. Enter the following d
Steps to Add a New Zone (page 53): • Start/End Reserved System IP. The IP range in the management network that CloudPlatform uses to manage various system VMs, s
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 54): more information, see HA-Enabled Virtual Machines as well as HA for Hosts, both in the Admi
Adding a Pod (page 55): SharedMountPoint • Path. The path on each host that is where this primary storage is mounted. For example, "/mnt/primary". • Tag
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 56): 5. Enter the following details in the dialog. • Name. The name of the pod. • Gateway. The ga
Add Cluster: vSphere (page 57): 3. Click the Compute tab. In the Pods node, click View All. Select the same pod you used in step 1. 4. Click View Clusters, then
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 58): 2. Log in to the UI. 3. In the left navigation, choose Infrastructure. In Zones, click View
Add Cluster: vSphere (page 59): If you have enabled Nexus dvSwitch in the environment, the following parameters for dvSwitch configuration are displayed: • Nexus
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 60): 8.6. Adding a Host. 1. Before adding a host to the CloudPlatform configuration, you must fir
Adding a Host (XenServer, KVM, or OVM) (page 61): For all additional hosts to be added to the cluster, run the following command. This will cause the host to joi
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 62): 7. Click Add Host. 8. Provide the following information. • Host Name. The DNS name or IP add
Adding Secondary Storage (page 63): • Pod. (Visible only if you choose Cluster in the Scope field.) The pod for the storage device. • Cluster. (Visible only if y
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 64): 3. Log in to the CloudPlatform UI as root administrator. 4. In the left navigation bar, cli
Initialize and Test (page 65): 5. In Secondary Storage, click View All. 6. In Select View, choose Secondary Staging Store. 7. Click the Add NFS Secondary Staging
Chapter 8. Steps to Provisioning Your Cloud Infrastructure (page 66): If you decide to grow your deployment, you can add more hosts, primary storage, zones, pod
Chapter 9. Service Offerings (page 67): In this chapter we discuss compute, disk, and system service offerings. Network offerings are discussed in the section on
Chapter 9. Service Offerings (page 68): • Storage type: The type of disk that should be allocated. Local allocates from storage attached directly to the host whe
Modifying or Deleting a Service Offering (page 69): • Disk Size. Appears only if Custom Disk Size is not selected. Define the volume size in GB. • QoS Type. Thre
Chapter 9. Service Offerings (page 70): 5. In the dialog, make the following choices: • Name. Any desired name for the system offering. • Description. A short des
Changing the Secondary Storage VM Service Offering on a Guest Network (page 71): 6. Click the Change Service button. 7. Select the offering you want. The Change s
Chapter 10. Setting Up Networking for Users (page 73): 10.1. Overview of Setting Up Networking for Users. People using cloud infrastructure have a variety of needs
Chapter 10. Setting Up Networking for Users (page 74): • Source NAT per zone is not supported when the service provider is virtual router. However, Source NAT pe
Support Matrix for an Isolated Network (Combination) (page 75): Virtual Router | VPC Virtual Router | BigIP F5 | Juniper SRX | Citrix NetScaler. Port Forwarding: Y Y N Y N. Load
Chapter 10. Setting Up Networking for Users (page 76): NW Devices | DHCP | DNS | User Data | Source NAT | Static NAT | Port Forwarding | Load Balancing | Remote VPN | Network ACL | Usage Monitoring
Support Matrix for Basic Zone (page 77): 10.4.4. Support Matrix for Basic Zone. Y = Supported, N = Not Supported. NW Devices | DHCP | DNS | User Data | Source NAT | Static NAT | Port Forw
Chapter 10. Setting Up Networking for Users (page 78): a web server farm and require a scalable firewall solution, load balancing solution, and alternate network
Creating a New Network Offering (page 79): • Supported Services. Select one or more of the possible network services. For some services, you must also choose the
Chapter 10. Setting Up Networking for Users (page 80): Supported Services | Description | Isolated | Shared. been configured in the cloud. VPN: For more information, see Se
Changing the Network Offering on a Guest Network (page 81): Side by Side: In side by side mode, a firewall device is deployed in parallel with the load balancer
Chapter 10. Setting Up Networking for Users (page 82): 2. If you are changing from a network offering that uses the CloudPlatform virtual router to one that uses
Creating and Changing a Virtual Router Network Offering (page 83): • System Offering. Choose the system service offering that you want virtual routers to use in
Chapter 11. Working With Virtual Machines (page 85): 11.1. About Working with Virtual Machines. CloudPlatform provides administrators with complete control over th
Chapter 11. Working With Virtual Machines (page 86): 11.2.1. Monitor VMs for Max Capacity. The CloudPlatform administrator should monitor the total number of VM i
Creating VMs (page 87): Once a virtual machine is destroyed, it cannot be recovered. All the resources used by the virtual machine will be reclaimed by the syste
Chapter 11. Working With Virtual Machines (page 88): 2. In the left navigation bar, click Instances. 3. Click Add Instance. 4. Select a zone. 5. Select a template,
Accessing VMs (page 89): virtual machine. A linked clone is also a copy of an existing virtual machine, but it has ongoing dependency on the original. A linked c