New CloudStack Database Encryption Engine l CloudStack Feature Deep Dive

Introduction As part of its security capabilities, Apache CloudStack encrypts sensitive information such as user credentials and passwords. For over a decade, Apache CloudStack has used the StandardPBEStringEncryptor from the jasypt library to encrypt data. However, the encryption algorithm used by this library, “PBEWithMD5AndDes” is now considered insecure because it relies on outdated cryptographics, namely the MD5 hash function and the DES encryption cipher, which has only a 56-bit key length. To improve the security of Apache CloudStack, it is recommended to use a more modern and secure encryption algorithm, such as AES-GCM . AES-GCM is a mode of operation […]

Edge Zones l CloudStack Feature Deep Dive

Introduction Edge computing is the talk of the town these days. With the impetus on lowering infrastructure costs, concerns about data protection policies and efforts to provide lower latency and better services to the end-users, edge computing have been gaining traction with cloud providers. With the release of version 4.18, CloudStack is also taking a step in this direction by facilitating edge computing with the introduction of CloudStack Edge Zones with the KVM hypervisor. Edge Zones are lightweight, low-cost zones designed for edge sites. Typically, such zones contain a single hypervisor host located closer to both the data source and […]

Manage Network Permission l CloudStack Feature Deep Dive

Introduction In Apache CloudStack, users are organized into a logical structure of Accounts and Domains. In previous versions of Apache CloudStack each Account had its own resources which could not be shared with other accounts (eg. when a software application from one Account needs to access an application in another account under the same Domain). For this to work, users had to configure their networks with firewall rules, port forwarding, load balancing or private gateways. This method causes considerable network overhead as all packets have to go through 2 different Virtual Routers (VRs) to reach their destination. With Apache CloudStack […]

Self-service Shared Networks l CloudStack Feature Deep Dive

Introduction In Apache CloudStack it is possible to deploy three types of Guest Networks: Isolated, VPC and Shared Networks. Previously in Apache CloudStack, Domain Admins and Regular Users could deploy only Isolated and VPC Networks. Shared Networks could only be deployed by Root Admins (as they require the selection of a VLAN) which adds considerable overhead and reduces the agility of the cloud offering. From the platform operator’s perspective, Shared Networks might not be made available to the Users at all due to the extra burden. From CloudStack 4.17 onwards, Domain Admin and Regular Users are now able to deploy […]

What’s New in Apache CloudStack 4.17

*  The content in this blog is a reproduction from the Apache CloudStack 4.17 release blog, which can be viewed via this link. Apache CloudStack 4.17 is the latest release of the cloud management platform from the Apache Software Foundation and is a result of months of work from the development community. Apache CloudStack 4.17 is an LTS (Long Term Support) release so will be maintained for a period of 18 months after release. As always, the release contains a myriad of small improvements and bug fixes but here we focus on the major new functionality of the release. VR […]

CloudStack 4.16.1.0 Deep Dive

Apache CloudStack 4.16.1.0 Release – Deep Dive

Apache CloudStack 4.16.1.0 is the latest maintenance release as part of the LTS 4.16.x releases. It contains more than 150 fixes and improvements since the 4.16.0.0 release. In this article, Suresh Kumar Anaparti, release manager of 4.16.1.0 is reviewing some of the most notable fixes and improvements in the release. Continue reading to learn more what you can get out of the new release.   System VM Template Improvements The System VM template is updated from Debian v11 to Debian v11.2. The operator is able to update the letsencrypt certificate in the System VMs, and also can update the old […]

Customizing new CloudStack UI - Cover

Customising the CloudStack UI

A lot of work has gone into the CloudStack UI recently, and it is now a modern, role-based UI that not only gives a fresh look to CloudStack but also makes development and customisation much easier. In this blog, I provide guidance on how to customise the UI, and have classified customisation into two categories – basic and advanced. Basic Customisations Users can customise the UI by means of this configuration file: /etc/cloudstack/management/config.json to modify theme, logos, etc. as required. These changes can be made while the CloudStack management server is running, and the changes can be seen immediately with […]

VMWare vSphere logo - CloudStack

vSphere Advanced Capabilities in CloudStack | CloudStack Feature Deep Dive

Introduction CloudStack vSphere integration has not kept up with the evolution of vSphere itself, and several functions can be performed natively by vSphere much more efficiently than by CloudStack. vSphere also has additional features which would be beneficial to the operators of vSphere based CloudStack clouds. This feature introduces support in CloudStack for VMFS6, vSAN, vVols and datastore clusters. Also, vSphere storage policies are tied with compute and disk offerings to improve linking offerings with storages, and CloudStack will allow inter-cluster VM and volume migrations, meaning that running VMs can now migrate along with all volumes across clusters. Furthermore, storage […]

CloudStack VMWare Logos

Support Virtual Appliance OVA Templates in VMware | CloudStack Deep Dive

Vendors of virtual appliances (vApp) for VMware often produce ‘templates’ of their appliances in an OVA format. An OVA file will contain disc images, configuration data of the virtual appliance, and sometimes a EULA which must be acknowledged. The purpose of this feature is to enable CloudStack to mimic the end-user experience of importing such an OVA directly into vCenter, the end result being a virtual appliance deployed with the same configuration data in the virtual machines descriptor (VMX) file as would be there if the appliance had been deployed directly through vCenter. The OVA will contain configuration data regarding […]

Secondary Storage Management - Data Store - CloudStack

Secondary Storage Management | CloudStack Feature Deep Dive

In CloudStack, secondary storage pools (image stores) house resources such as volumes, snapshots and templates. Over time these storage pools may have to be decommissioned or data moved from one storage pool to another, but CloudStack isn’t too evolved when it comes to managing secondary storage pools. This feature improves CloudStack’s management of secondary storage by introducing the following functionality: Balanced / Complete migration of data objects among secondary storage pools Enable setting image stores to read-only (making further operations such as download of templates or storage of snapshots and volumes impossible) Algorithm to automatically balance image stores View download […]