Usage Guide

This guide is aimed at Administrators of a CloudStack based Cloud

User Interface

• Log In to the UI
  • End User’s UI Overview
  • Root Administrator’s UI Overview
  • Logging In as the Root Administrator
  • Changing the Root Password
  • Basic UI Customization
  • Advanced UI Customisation
  • Multiple Management Support
  • Known Limitations

Managing Accounts, Users and Domains

• Roles, Accounts, Users, and Domains
  • Roles
  • Accounts
  • Domains
  • Users
  • Domain Administrators
  • Root Administrator
  • Read Only Administrator
  • Read Only User
  • Support Admin
  • Support User
  • Resource Ownership
• Using Dynamic Roles
• Dedicating Resources to Accounts and Domains
• How to Dedicate a Zone, Cluster, Pod, or Host to an Account or Domain
  • How to Use Dedicated Hosts
  • Behavior of Dedicated Hosts, Clusters, Pods, and Zones
• Using an LDAP Server for User Authentication
  • Restricting LDAP users to a group:
  • LDAP SSL:
  • LDAP groups:
• Using a SAML 2.0 Identity Provider for User Authentication
• Using Two Factor Authentication For Users

Using Projects to Organize User Resources

• Overview of Projects
• Configuring Projects
  • Setting Up Invitations
  • Setting Resource Limits for Projects
    • Setting Per-Project Resource Limits
    • Setting the Global Project Resource Limits
  • Setting Project Creator Permissions
• Creating a New Project
• Adding Members to a Project
  • Sending Project Membership Invitations
  • Adding Project Members From the UI
• Accepting a Membership Invitation
• Suspending or Deleting a Project
• Using the Project View

Service Offerings

• Service Offerings, Disk Offerings, Network Offerings, and Templates
  • Scope
• Compute and Disk Service Offerings
  • Creating a New Compute Offering
  • Creating a New Disk Offering
  • Modifying or Deleting a Service Offering
• System Service Offerings
  • Creating a New System Service Offering
• Network Throttling
• Changing the Default System Offering for System VMs
• Changing the Default System Offering for Virtual Routers

Setting up Networking for Users

• Overview of Setting Up Networking for Users
• About Virtual Networks
  • Isolated Networks
  • Shared Networks
  • L2 (Layer 2) Networks
  • Runtime Allocation of Virtual Network Resources
• Network Service Providers
• Network Offerings
  • Creating a New Network Offering
• Configuring AutoScale with using CloudStack Virtual Router
  • What is AutoScaling?
  • Hypervisor support
  • Prerequisites
  • Adding an AutoScale VM Group
  • AutoScale Policies
  • Disabling and Enabling an AutoScale VM Group
  • Updating an AutoScale VM Group
    • Updating AutoScale VM Profile
    • Adding an AutoScale policy
    • Updating AutoScale policies
    • Removing an AutoScale policy
  • Deleting an AutoScale VM Group
  • Runtime Considerations

Working with Virtual Machines

• About Working with Virtual Machines
• VM Lifecycle
  • Creating VMs
    • Install Required Tools and Drivers
  • Accessing VMs
  • Securing VM Console Access (KVM only)
  • Stopping and Starting VMs
  • Deleting VMs
• Managing Virtual Machines
  • Changing the VM Name, OS, or Group
  • Appending a Name to the Guest VM’s Internal Name
  • Changing the Service Offering for a VM
    • CPU and Memory Scaling for Running VMs
    • Updating Existing VMs
    • Configuring Dynamic CPU and RAM Scaling
    • How to Dynamically Scale CPU and RAM
    • Limitations
  • Resetting the Virtual Machine Root Volume on Reboot
  • Moving VMs Between Hosts (Manual Live Migration)
  • Moving Instance’s Volumes Between Storage Pools (offline volume Migration)
  • Assigning VMs to Hosts
    • Affinity Groups
      • Creating a New Affinity Group
      • Assign a New VM to an Affinity Group
      • Change Affinity Group for an Existing VM
      • View Members of an Affinity Group
      • Delete an Affinity Group
      • Determine Destination Host of VMs with Non-Strict Affinity Groups
  • Changing a VM’s Base Image
  • Advanced VM Instance Settings
• Virtual Machine Snapshots
  • Storage-based VM snapshots on KVM
  • Limitations on VM Snapshots
  • Configuring VM Snapshots
  • Using VM Snapshots
• Support for Virtual Appliances
  • About Virtual Appliances
  • Deployment options (configurations)
  • Network interfaces
  • Properties
  • End-user license agreements
  • Advanced deployment settings
• Importing and Unmanaging Virtual Machines
  • About Unmanaged Virtual Machines
  • Importing Unmanaged Virtual Machines
    • Use Cases and General Usage
  • Listing unmanaged instances
    • Prerequisites to list unmanaged instances (vSphere)
    • listUnmanagedInstances API
  • Importing Unmanaged Instances
    • importUnmanagedInstance API
    • Prerequisites to Importing Unmanaged Instances (vSphere)
    • Offerings and Automatic Mapping
      • Custom vs Fixed Offerings
      • IP Addresses
  • Discovery of Existing Networks (for vSphere)
  • Unmanaging Virtual Machines
    • Preserving unmanaged virtual machine NICs
    • Unmanaging virtual machine actions
• Virtual Machine Backups (Backup and Recovery Feature)
  • About Backup And Recovery
    • Backup and Recovery Concepts
  • Configuring Backup and Recovery
    • Plugin specific settings
  • Backup Offerings
    • Supported APIs:
  • Importing Backup Offerings
  • Creating VM Backups
    • SLA/Policy Based backups
    • Adhoc and Scheduled Backups
  • Restoring VM Backups
    • Supported APIs:
• Using SSH Keys for Authentication
  • Creating an Instance Template that Supports SSH Keys
  • Creating the SSH Keypair
  • Creating an Instance
  • Logging In Using the SSH Keypair
  • Resetting SSH Keys
  • User-Data and Meta-Data
    • Storing and accessing userdata
    • Determining the virtual router address without DNS
    • Fetching user-data via the API
    • Using cloud-init
    • Custom user-data example
    • Disclaimer
• Assigning GPU/vGPU to Guest VMs
  • Prerequisites and System Requirements
  • Supported GPU Devices
  • GPU/vGPU Assignment Workflow
• Virtual Machine Metrics
  • VM Disk Metrics

Working with Templates & ISOs

• Working With Templates
  • Creating Templates: Overview
  • Requirements for Templates
  • Best Practices for Templates
  • The Default Template
  • Private and Public Templates
  • Creating a Template from an Existing Virtual Machine
  • Creating a Template from a Snapshot
  • Uploading Templates from a remote HTTP server
    • vSphere Templates and ISOs
  • Bypassing Secondary Storage For KVM templates
  • Uploading Templates and ISOs from a local computer
  • Sharing templates and ISOs with other accounts/projects
  • Exporting Templates
  • Creating a Linux Template
  • System preparation for Linux
  • Creating a Windows Template
  • Importing Amazon Machine Images
  • Converting a Hyper-V VM to a Template
  • Adding Password Management to Your Templates
  • Deleting Templates
• Working with ISOs
  • Adding an ISO
  • Attaching an ISO to a VM

Working with Hosts

• Adding Hosts
• Scheduled Maintenance and Maintenance Mode for Hosts
  • vCenter and Maintenance Mode
  • XenServer and Maintenance Mode
• Disabling and Enabling Zones, Pods, and Clusters
• Removing Hosts
  • Removing XenServer and KVM Hosts
  • Removing vSphere Hosts
• Re-Installing Hosts
• Maintaining Hypervisors on Hosts
• Hypervisor Capabilities
• Changing Host Password
• Over-Provisioning and Service Offering Limits
  • Limitations on Over-Provisioning in XenServer and KVM
  • Requirements for Over-Provisioning
    • Balloon Driver
      • XenServer
      • VMware
      • KVM
    • Hypervisor capability
      • XenServer
      • VMware
      • KVM
  • Setting Over-Provisioning Factors
  • Service Offering Limits and Over-Provisioning
• VLAN Provisioning
  • VLAN Allocation Example
  • Adding Non Contiguous VLAN Ranges
  • Assigning VLANs to Isolated Networks
• Out-of-band Management
• Security
• Server Address Usage
• Securing Process
• KVM Libvirt Hook Script Include
  • Feature Overview
  • The KVM Libvirt Hook script allows for
  • Usage
  • Timeout Configuration
  • Custom Script Naming for a Specific VM Action
  • Custom Script Naming for All VM Actions
  • Custom Script Execution Configuration
• KVM Rolling Maintenance
  • Overview
  • Configuration
  • Usage
  • Process

Working with Storage

• Storage Overview
• Primary Storage
  • Best Practices for Primary Storage
  • Runtime Behavior of Primary Storage
  • Hypervisor Support for Primary Storage
  • Using Multiple Local Storages (KVM only)
  • Storage Tags
  • Maintenance Mode for Primary Storage
• Secondary Storage
• Working With Volumes
  • Creating a New Volume
    • Using Local Storage for Data Volumes
    • To Create a New Volume
  • Uploading an Existing Volume to a Virtual Machine
  • Attaching a Volume
  • Detaching and Moving Volumes
  • VM Storage Migration
    • Migrating a Data Volume to a New Storage Pool
      • Migrating Storage For a Running VM
      • Migrating Storage and Attaching to a Different VM
    • Migrating a Instance Root Volume to a New Storage Pool
  • Resizing Volumes
  • Root Volume size defined via Service Offering
  • Change disk offering for volume
  • Reset VM to New Root Disk on Reboot
  • Volume Deletion and Garbage Collection
  • Volume Metrics
• Working with Volume Snapshots
  • How to Snapshot a Volume
  • KVM volume Snapshot specifics
  • Automatic Snapshot Creation and Retention
  • Incremental Snapshots and Backup
  • Volume Status
  • Snapshot Restore
  • Snapshot Job Throttling
  • VMware Volume Snapshot Performance
  • Linstor Primary Storage

Working with System Virtual Machines

• The System VM Template
• Changing the Default System VM Template
• Accessing System VMs
• Multiple System VM Support for VMware
• Console Proxy
  • Creating a VM Console Endpointy
  • Using a SSL Certificate for the Console Proxy
  • Changing the Console Proxy SSL Certificate and Domains
  • Uploading ROOT CA and Intermediate CA
  • Load-balancing Console Proxies / Secondary Storage VMs
  • SSL-Offloading with Load-balancing for Console Proxies / Secondary Storage VMs
• Virtual Router
  • Configuring the Virtual Router
  • Upgrading a Virtual Router with System Service Offerings
  • Best Practices for Virtual Routers
  • Service Monitoring Tool for Virtual Router
  • Health checks for Virtual Router
  • Enhanced Upgrade for Virtual Routers
    • Supported Virtual Routers
    • Upgrading Virtual Routers
• Secondary Storage VM
• Migrating System VMs
• Troubleshoot networks from System VMs
  • Get Diagnostics Data

Working with Usage

• Working with Usage
  • Configuring the Usage Server
  • Setting Usage Limits
    • Globally Configured Limits
    • Limiting Resource Usage
    • User Permission
    • Limit Usage Considerations
    • Limiting Resource Usage in a Domain
    • Default Account Resource Limits
  • Usage Record Format
    • Virtual Machine Usage Record Format
    • Network Usage Record Format
    • IP Address Usage Record Format
    • Disk Volume Usage Record Format
    • Template, ISO, and Snapshot Usage Record Format
    • Load Balancer Policy or Port Forwarding Rule Usage Record Format
    • Network Offering Usage Record Format
    • VPN User Usage Record Format
  • Usage Types
  • Example response from listUsageRecords
  • Dates in the Usage Record

Managing Networks and Traffic

• Guest Traffic
• Networking in a Pod
• Networking in a Zone
• Basic Zone Physical Network Configuration
• Advanced Zone Physical Network Configuration
  • Configure Guest Traffic in an Advanced Zone
  • Configure Public Traffic in an Advanced Zone
  • Configuring a Shared Guest Network
• Editing, Restarting, and Removing a Guest Network
• Using Multiple Guest Networks
  • Adding an Additional Guest Network
  • Reconfiguring Networks in VMs
    • Prerequisites
    • Adding a Network
    • Removing a Network
    • Selecting the Default Network
  • Changing the Network Offering on a Guest Network
• Guest Network Permissions
  • Adding a network permission
  • Removing a network permission
  • Resetting network permissions
• IP Reservation in Isolated Guest Networks
  • IP Reservation Considerations
  • Limitations
  • Best Practices
  • Reserving an IP Range
• Reserving Public IP Addresses and VLANs for Accounts
  • Dedicating IP Address Ranges to an Account
  • Dedicating VLAN Ranges to an Account
• Configuring Multiple IP Addresses on a Single NIC
  • Use Cases
  • Guidelines
  • Assigning Additional IPs to a VM
  • Port Forwarding and StaticNAT Services Changes
• About Multiple IP Ranges
• About Elastic IPs
• Portable IPs
  • About Portable IP
    • Guidelines
  • Configuring Portable IPs
  • Acquiring a Portable IP
  • Transferring Portable IP
• Multiple Subnets in Shared Network
  • Prerequisites and Guidelines
  • Adding Multiple Subnets to a Shared Network
• Isolation in Advanced Zone Using Private VLANs
  • About PVLANs (Secondary VLANs)
  • Supported Secondary VLAN types
  • Prerequisites
  • Creating a PVLAN-Enabled Network
• Security Groups
  • About Security Groups
  • Adding a Security Group
  • Security Groups in Advanced Zones (KVM Only)
    • Limitations
  • Enabling Security Groups
  • Adding Ingress and Egress Rules to a Security Group
• External Firewalls and Load Balancers
  • About Using a NetScaler Load Balancer
  • Configuring SNMP Community String on a RHEL Server
  • Initial Setup of External Firewalls and Load Balancers
  • Ongoing Configuration of External Firewalls and Load Balancers
  • Load Balancer Rules
    • Adding a Load Balancer Rule
    • Sticky Session Policies for Load Balancer Rules
    • Load Balancer Configurations
    • Health Checks for Load Balancer Rules
  • Configuring AutoScale
    • Prerequisites
    • Configuration
    • Disabling and Enabling an AutoScale Configuration
    • Updating an AutoScale Configuration
    • Runtime Considerations
• Global Server Load Balancing Support
  • About Global Server Load Balancing
    • Components of GSLB
    • How Does GSLB Works in CloudStack?
  • Configuring GSLB
    • Prerequisites and Guidelines
    • Enabling GSLB in NetScaler
    • Adding a GSLB Rule
    • Assigning Load Balancing Rules to GSLB
  • Known Limitation
• Guest IP Ranges
• Acquiring a New IP Address
• Releasing an IP Address
• Reserving a Public IP Address
• Releasing a Reserved Public IP Address
• Static NAT
  • Enabling or Disabling Static NAT
• IP Forwarding and Firewalling
  • Firewall Rules
  • Egress Firewall Rules in an Advanced Zone
    • Prerequisites and Guidelines
    • Configuring an Egress Firewall Rule
    • Configuring the Default Egress Policy
      • Allow
      • Deny
  • Port Forwarding
• IP Load Balancing
• DNS and DHCP
• Remote Access VPN
  • Configuring Remote Access VPN
  • Configuring Remote Access VPN in VPC
  • Setting Up a Site-to-Site VPN Connection
    • Creating and Updating a VPN Customer Gateway
      • Updating and Removing a VPN Customer Gateway
    • Creating a VPN gateway for the VPC
    • Creating a VPN Connection
    • Site-to-Site VPN Connection Between VPC Networks
    • Restarting and Removing a VPN Connection
• About Inter-VLAN Routing (nTier Apps)
• Configuring a Virtual Private Cloud
  • About Virtual Private Clouds
    • Major Components of a VPC
    • Network Architecture in a VPC
    • Connectivity Options for a VPC
    • VPC Network Considerations
  • Adding a Virtual Private Cloud
  • Adding Tiers
  • Configuring Network Access Control List
    • About Network ACL Lists
    • Creating ACL Lists
    • Creating an ACL Rule
    • Creating a Tier with Custom ACL List
    • Assigning a Custom ACL List to a Tier
  • Adding a Private Gateway to a VPC
    • Source NAT on Private Gateway
    • ACL on Private Gateway
    • Creating a Static Route
    • Denylisting Routes
  • Deploying VMs to the Tier
  • Deploying VMs to VPC Tier and Shared Networks
  • Acquiring a New IP Address for a VPC
  • Releasing an IP Address Alloted to a VPC
  • Enabling or Disabling Static NAT on a VPC
  • Adding Load Balancing Rules on a VPC
    • Load Balancing Within a Tier (External LB)
      • Enabling NetScaler as the LB Provider on a VPC Tier
      • Creating a Network Offering for External LB
      • Creating an External LB Rule
    • Load Balancing Across Tiers
      • How Does Internal LB Work in VPC?
      • Guidelines
      • Enabling Internal LB on a VPC Tier
      • Creating a Network Offering for Internal LB
      • Creating an Internal LB Rule
  • Adding a Port Forwarding Rule on a VPC
  • Removing Tiers
  • Editing, Restarting, and Removing a Virtual Private Cloud
• Persistent Networks
  • Persistent Network Considerations
  • Creating a Persistent Guest Network
• Setup a Palo Alto Networks Firewall
  • Functionality Provided
  • Initial Palo Alto Networks Firewall Configuration
    • Anatomy of the Palo Alto Networks Firewall
    • Configure the Public / Private Zones on the firewall
    • Configure the Public / Private Interfaces on the firewall
    • Configure a Virtual Router on the firewall
    • Configure the default Public Subinterface
    • Commit configuration on the Palo Alto Networks Firewall
  • Setup the Palo Alto Networks Firewall in CloudStack
    • Add the Palo Alto Networks Firewall as a Service Provider
    • Add a Network Service Offering to use the new Provider
  • Additional Features
    • Palo Alto Networks Threat Profile
    • Palo Alto Networks Log Forwarding Profile
  • Limitations
• Using Remote Access VPN
  • Mac OSX
  • Microsoft Windows 8

Managing the Cloud

• Using Tags to Organize Resources in the Cloud
• Using Comments on the Resources in the Cloud
• Reporting CPU Sockets
• Changing the Database Configuration
• Changing the Database Password
• File encryption type
• Administrator Alerts
  • Sending Alerts to External SNMP and Syslog Managers
    • SNMP Alert Details
    • Syslog Alert Details
    • Configuring SNMP and Syslog Managers
    • Deleting an SNMP or Syslog Manager
• Customizing the Network Domain Name
• Stopping and Restarting the Management Server

System Reliability and Availability

• HA for Management Server
• Management Server Load Balancing
• Multiple Management Servers Support on agents
• HA-Enabled Virtual Machines
• Dedicated HA Hosts
• HA-Enabled Hosts
• Primary Storage Outage and Data Loss
• Secondary Storage Outage and Data Loss
• Database High Availability
  • How to Set Up Database Replication
  • Configuring Database High Availability
  • Limitations on Database High Availability

Tuning

• Tuning
  • Performance Monitoring
  • Increase Management Server Maximum Memory
  • Set Database Buffer Pool Size
  • Monitor the Database Load
  • Set and Monitor Total VM Limits per Host
  • Configure XenServer dom0 Memory

Events and Troubleshooting

• Event Notification
  • Event Logs
  • Notification
    • Implementations
    • Use Cases
    • AMQP Configuration
    • Kafka Configuration
  • Standard Events
  • Long Running Job Events
  • Event Log Queries
  • Deleting and Archiving Events and Alerts
    • Permissions
    • Procedure
• TroubleShooting
  • Working with Server Logs
  • Data Loss on Exported Primary Storage
    • Symptom
    • Cause
    • Solution
    • More Information
  • Recovering a Lost Virtual Router
    • Symptom
    • Cause
    • Solution
  • Maintenance mode not working on vCenter
    • Symptom
    • Cause
    • Solution
  • Unable to deploy VMs from uploaded vSphere template
    • Symptom
    • Cause
    • Solution
  • Unable to power on virtual machine on VMware
    • Symptom
    • Cause
    • Solution
  • Load balancer rules fail after changing network offering
    • Symptom
    • Cause
    • Solution
  • Troubleshooting Internet Traffic
    • Trouble Shooting Steps