Entries by Dag Sonstebo

,

Securing CloudStack 4.11 with HTTPS/TLS

Apache CloudStack is generally considered secure out of the box, however it does have the capability of protecting both system VM traffic as well as management traffic with TLS certificates. Prior to version 4.11 CloudStack used Tomcat as the web server and servlet container. With 4.11 this has been changed to embedded Jetty web server […]

ShapeBlue Security Advisory – Spectre and Meltdown patches in CloudStack 4.9 and 4.11

Overview At the beginning of 2018 a number of vulnerabilities were discovered which allow malicious user space processes to read kernel memory and malicious code in VM guests to read hypervisor memory. These vulnerabilities affect most CPU manufacturers – Intel, AMD, ARM, MIPS, etc. The vulnerabilities were nicknamed “Spectre” and “Meltdown” and are outlined in […]

,

Working towards CloudStack zero downtime upgrades

As most people know, Apache CloudStack has gained a reputation as a solid, low maintenance dependable cloud orchestration platform. That’s why in last year’s Gartner Magic Quadrant so many leaders and challengers were organisations underpinning their services with Apache CloudStack. However, version upgrades – whilst being much simpler than many competing technologies – have always been […]

CloudStack usage service deep dive

Introduction CloudStack usage is a complimentary service which tracks end user consumption of CloudStack resources and summarises this in a separate database for reporting or billing. The usage database can be queried directly, through the CloudStack API, or it can be integrated into external billing or reporting systems. For background information on the usage service […]

,

Inter-VPC connectivity in CloudStack

Introduction In this article Abhinandan  Prateek discusses a method for allowing inter-VPC routing in CloudStack utilising Quagga on the VPC Virtual Router. Please note – this feature is currently in development, this is being considered for release in CloudStack 4.10 (please refer to upcoming release notes for details). In CloudStack a VPC acts as a container for […]

,

CloudStack upgrades – best practices

Introduction Upgrading CloudStack can sometimes be a little daunting – but as the 5P’s proverb goes – Proper Planning Prevents Poor Performance. With planning, testing and the right strategy upgrades will have a high chance of success and have minimal impact on your CloudStack end users. The CloudStack upgrade process is documented in the release notes for […]

, , ,

Networking KVM for CloudStack

Introduction KVM hypervisor networking for CloudStack can sometimes be a challenge, considering KVM doesn’t quite have the matured guest networking model found in the likes of VMware vSphere and Citrix XenServer. In this blog post we’re looking at the options for networking KVM hosts using bridges and VLANs, and dive a bit deeper into the configuration […]

,

CloudStack 4.7 Metrics View

CloudStack 4.7 (which is due in the coming weeks) will introduce a new metrics view feature throughout the familiar CloudStack interface. We built this functionality to help system architects and admins comprehend resource utilisation and drill into the data to find performance hotspots. Whilst metrics have always been available via the CloudStack API a lot of information hasn’t been […]