RE: DR in CloudStack ?
Hi Octavian, In addition there is a lot of redundancy built into the Virtual Router. Good explanation available here http://blogs.clogeny.com/understanding-the-redundant-virtual-router-in-citri x-cloudplatform/ These articles provide pretty good overview of High Availability in CloudStack: http://blogs.clogeny.com/high-availability-disaster-recovery-for-apache-clou dstack/ http://blog.remibergsma.com/2012/05/02/high-availability-with-automatic-fail over-for-cloudstack-management-servers/ Regards, Michal Rodzos Solutions Architect Phone: 1300 144 007 | Mobile: +61 421 834 204 | Skype: michal.rodzos | Twitter -Original Message- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: Wednesday, 4 December 2013 11:08 PM To: users@cloudstack.apache.org Subject: RE: DR in CloudStack ? Octavian, Your Compute Offering needs to be flagged as HA Enabled, this will then ensure that the VM will move to a new Host in the event of a Host failure. (FYI if you put a Host into Maintenance Mode, all VMs are migrated, regardless of their HA status) To move VMs between Clusters, you need to move the storage first, so this is not handled automatically. However the latest version (4.2) now supports Zone Wide Primary Storage for KVM and VMware so moving VMs between Clusters is possible if you are using this type of storage configuration. For XenServer you can use XenStorage Motion to live migrate VMs across Clusters, but I believe this is initiated by Root Admins, and not after a HA event. Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Octavian Popescu [mailto:octavian.pope...@interoute.com] Sent: 04 December 2013 12:02 To: users@cloudstack.apache.org Subject: RE: DR in CloudStack ? Hi Geoff, Thanks, are there any specific features or options in regards to pure DR, rather than HA? For instance, moving VMs between clusters, pods or zones? Octavian -Original Message- From: Geoff Higginbottom [mailto:geoff.higginbot...@shapeblue.com] Sent: 04 December 2013 11:36 To: users@cloudstack.apache.org Subject: RE: DR in CloudStack ? Octavian, CloudStack provides VM HA enabling VMs to fail-over to alternate Hosts within the same Cluster so long as the VM is using Shared Storage. For XenServer and KVM, CloudStack initiates the HA failover when it detects a Host has gone down. For VMware, vCenter handles the HA event. Regards Geoff Higginbottom D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581 geoff.higginbot...@shapeblue.com -Original Message- From: Octavian Popescu [mailto:octavian.pope...@interoute.com] Sent: 04 December 2013 10:28 To: users@cloudstack.apache.org Subject: DR in CloudStack ? Hi, I would like to understand what kind of disaster recovery options are provided by CloudStack in case of VM or host failures (e.g. can it do failovers from a host to another? from a zone to another?) Thank you, Octavian This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark. This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
RE: Replacing Virtual Router with a custom virtual appliance template
Hi Lisa, Thanks for the link, I did came across it before. In the mean time I think I've found some information how other people did something very similar to what I'm trying: http://www.slideshare.net/mice_xia/integration-3rd-party-security-solution https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration https://cwiki.apache.org/confluence/display/CLOUDSTACK/external+hosted+private+gateways Looks like some coding is required to develop a CS Plugin and the virtual appliance will have the expose some kind of API to for the ACS to be able to manage it. Regards, Michal Rodzos Solutions Architect Phone: 1300 144 007 | Mobile: +61 421 834 204 | Skype: michal.rodzos | Twitter From: Lisa B. nordlicht1...@hotmail.de Sent: Monday, 2 December 2013 7:29 AM To: users@cloudstack.apache.org users@cloudstack.apache.org Subject: RE: Replacing Virtual Router with a custom virtual appliance template hey michal, i am not sure if this is what you are looking for but i just came across this blog post while tracking down a different problem: http://blog.remibergsma.com/2012/08/30/going-beyond-cloudstack-advanced-networking-how-i-replaced-the-virtual-router-with-my-own-physical-linux-router/ good luck! lisa From: michal.rod...@cloudcentral.com.au To: users@cloudstack.apache.org Subject: Replacing Virtual Router with a custom virtual appliance template Date: Sun, 1 Dec 2013 14:09:02 +1100 Is it possible to create a network offering, which would use a custom virtual appliance instead of the default Debian template? My understanding is currently only following network providers are supported/available in ACS: - Citrix NetScaler - F5 - Juniper SRX - Virtual Router - Cisco ASA 100v (Citrix CloudPlatform only?) I've found a wiki page https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration; that somebody managed to integrate the Palo Alto Firewall into ACS. Plus some other people managed to get the midokura or Nicira to work ? So it seems that custom network providers are feasible. I'd like to provide a premium network offering with a commercial security gateway/UTM virtual appliance as a network provider. Ie the FortiGate UTM provides VPN, NAT, DNS, DHCP, routing and other network features similar to Virtual Router, but also offers security features like anitispam, virus scanning, deep packet inspection, IPS etc. So the question is how hard is, and how much dev effort is required? Other option is to create a network like this Internet - ACS VR- FortiGate TM VM - customer VMs But not sure how can force all the public traffic from the VMs to go via the FortiGate? The environment is XenServer 6.2 and ACS 4.2.1 with Advanced Networking Thanks, Michal Regards, Michal Rodzos Solutions Architect [CloudCentral - Secure Australian Cloud]http://www.cloudcentral.com.au/?utm_source=michalutm_medium=emailutm_campaign=cloudcentral Phone: 1300 144 007 | Mobile: +61 421 834 204 [View Michal Rodzos' profile on LinkedIn]http://www.linkedin.com/in/michalrodzos| Skype: michal.rodzos | Twitterhttps://twitter.com/cloudcentral
Replacing Virtual Router with a custom virtual appliance template
Is it possible to create a network offering, which would use a custom virtual appliance instead of the default Debian template? My understanding is currently only following network providers are supported/available in ACS: - Citrix NetScaler - F5 - Juniper SRX - Virtual Router - Cisco ASA 100v (Citrix CloudPlatform only?) I've found a wiki page https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+In tegration# that somebody managed to integrate the Palo Alto Firewall into ACS. Plus some other people managed to get the midokura or Nicira to work ? So it seems that custom network providers are feasible. I'd like to provide a premium network offering with a commercial security gateway/UTM virtual appliance as a network provider. Ie the FortiGate UTM provides VPN, NAT, DNS, DHCP, routing and other network features similar to Virtual Router, but also offers security features like anitispam, virus scanning, deep packet inspection, IPS etc. So the question is how hard is, and how much dev effort is required? Other option is to create a network like this Internet - ACS VR- FortiGate TM VM - customer VMs But not sure how can force all the public traffic from the VMs to go via the FortiGate? The environment is XenServer 6.2 and ACS 4.2.1 with Advanced Networking Thanks, Michal Regards, Michal Rodzos Solutions Architect http://www.cloudcentral.com.au/?utm_source=michalutm_medium=emailutm_camp aign=cloudcentral CloudCentral - Secure Australian Cloud Phone: 1300 144 007 | Mobile: +61 421 834 204 http://www.linkedin.com/in/michalrodzos View Michal Rodzos' profile on LinkedIn| Skype: michal.rodzos | https://twitter.com/cloudcentral Twitter