CloudStack Managed UserData – Automating Cloud Services by Maintaining Compliance Policies
UserData is an industry-standard used in IaaS cloud computing and has become a standard tool for cloud administrators and users alike. It provides a flexible and efficient way to configure and customize cloud instances during the deployment process. UserData scripts are utilized as external resources – decoupled from Apache CloudStack – where users freely define […]
CloudStack Managed User Data l CloudStack Feature First Look
Introduction When launching a new Instance on Apache CloudStack, users can set a UserData script to be executed by cloud-init during the boot process. The ‘CloudStack Managed UserData’ feature extends this functionality allowing one to automate the installation of packages, update the instance’s OS, and configure applications during instance deployment. Introduced in Apache CloudStack 4.18, […]
Support for VMs Having Multiple SSH Key l CloudStack Feature First Look
As SSH is the most widely used way to access remote machines, CloudStack provides users with the ability to specify an SSH Key to be added to the list of authorized keys of a virtual machine either during or post-deployment. Users can either generate these SSH Keys via the CloudStack UI or register existing public […]
Role Based Users in Projects | CloudStack Feature First Look
Projects have proven to be a boon in organizing and grouping accounts and resources together, giving users in the same domain the ability to collaborate and share resources such as VMs, snapshots, volumes and IP addresses. However, there is a limitation. Only accounts can be added as members to projects, which can be an issue […]
Dynamic Roles Utility | CloudStack Feature First Look
CloudStack has more than 600 APIs which can be allowed / disallowed in different combinations to create dynamic roles for the users. The aim of this feature is more effective use and management of these dynamic roles, allowing CloudStack users and operators to: Import and export roles (rule definitions) for the purpose of sharing. Create […]
Enable PVLAN support on L2 networks | CloudStack Feature First Look
Private VLANs have always been partially supported in CloudStack (for shared networks only), in versions prior to 4.14. Administrators could set up Isolated or Promiscuous PVLANs by creating their shared networks in which: Primary VLAN ID = secondary VLAN ID, for Promiscuous PVLANs Primary VLAN ID != secondary VLAN ID, for Isolated PVLANs CloudStack 4.14 […]
Securing CloudStack 4.11 with HTTPS/TLS
Apache CloudStack is generally considered secure out of the box, however it does have the capability of protecting both system VM traffic as well as management traffic with TLS certificates. Prior to version 4.11 CloudStack used Tomcat as the web server and servlet container. With 4.11 this has been changed to embedded Jetty web server […]
Secure Live KVM VM Migration with CloudStack 4.11.1 | CloudStack Feature Deep Dive
Introduction CloudStack 4.11.1 introduces a new security enhancement on top of the new CA framework to secure live KVM VM migrations. This feature allows live migration of guest VMs across KVM hosts using secured TLS enabled libvirtd process. Without this feature, the live migration of guest VMs across KVM hosts would use an unsecured TCP connection, which is prone […]
What’s new in CloudStack 4.11? | CloudStack Feature Deep Dive
Version 4.11 of Apache CloudStack has been released with some exciting new features and a long list of improvements and fixes. It includes more than 400 commits, 220 pull requests, and fixes more than 250 issues. This version has been worked on for 8 months and is the first release of the 4.11 LTS releases, […]
CloudStack CA Framework | CloudStack Feature Deep Dive
Introduction The CloudStack management server listens by default on port 8250 for agents, and this is secured by one-way SSL authentication using the management server’s self-generated server certificates. While this encrypts the connection, it does not authenticate and validate the connecting agent (client). Upcoming features such as support for container/application cluster services require certificate management, and the emerging […]
