diff --git a/agent/src/com/cloud/agent/AgentShell.java b/agent/src/com/cloud/agent/AgentShell.java
index 9cb3c3db3ff..2af08e9bf21 100644
--- a/agent/src/com/cloud/agent/AgentShell.java
+++ b/agent/src/com/cloud/agent/AgentShell.java
@@ -38,10 +38,13 @@ import java.util.UUID;
 
 import javax.naming.ConfigurationException;
 
+import org.apache.commons.beanutils.PropertyUtils;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
 import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.log4j.Logger;
+import org.apache.log4j.PropertyConfigurator;
+import org.apache.log4j.xml.DOMConfigurator;
 
 import com.cloud.agent.Agent.ExitStatus;
 import com.cloud.agent.dao.StorageComponent;
@@ -377,6 +380,18 @@ public class AgentShell implements IAgentShell {
 
     public void init(String[] args) throws ConfigurationException {
 
+    	// PropertiesUtil is used both in management server and agent packages,
+    	// it searches path under class path and common J2EE containers
+    	// For KVM agent, do it specially here
+    	
+    	File file = new File("/etc/cloudstack/agent/log4j-cloud.xml");
+    	if(file == null || !file.exists()) {
+    		file = PropertiesUtil.findConfigFile("log4j-cloud.xml");
+    	}
+    	DOMConfigurator.configureAndWatch(file.getAbsolutePath());
+
+    	s_logger.info("Agent started");
+    	
         final Class<?> c = this.getClass();
         _version = c.getPackage().getImplementationVersion();
         if (_version == null) {
diff --git a/api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java b/api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
index affad1f9b9d..4336b4c32b4 100644
--- a/api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
+++ b/api/src/com/cloud/agent/api/SecurityGroupRulesCmd.java
@@ -18,6 +18,7 @@ package com.cloud.agent.api;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.util.List;
 import java.util.zip.DeflaterOutputStream;
 
 import org.apache.commons.codec.binary.Base64;
@@ -80,6 +81,7 @@ public class SecurityGroupRulesCmd extends Command {
     Long msId;
     IpPortAndProto [] ingressRuleSet;
     IpPortAndProto [] egressRuleSet;
+    private List<String> secIps;
 
     public SecurityGroupRulesCmd() {
         super();
@@ -103,6 +105,23 @@ public class SecurityGroupRulesCmd extends Command {
     }
 
 
+    public SecurityGroupRulesCmd(String guestIp, String guestMac, String vmName, Long vmId, String signature, Long seqNum, IpPortAndProto[] ingressRuleSet, IpPortAndProto[] egressRuleSet, List<String> secIps) {
+        super();
+        this.guestIp = guestIp;
+        this.vmName = vmName;
+        this.ingressRuleSet = ingressRuleSet;
+        this.egressRuleSet = egressRuleSet;
+        this.guestMac = guestMac;
+        this.signature = signature;
+        this.seqNum = seqNum;
+        this.vmId  = vmId;
+        if (signature == null) {
+            String stringified = stringifyRules();
+            this.signature = DigestUtils.md5Hex(stringified);
+        }
+        this.secIps = secIps;
+    }
+
     @Override
     public boolean executeInSequence() {
         return true;
@@ -131,6 +150,10 @@ public class SecurityGroupRulesCmd extends Command {
         return guestIp;
     }
 
+    public List<String> getSecIps() {
+        return secIps;
+    }
+
 
     public String getVmName() {
         return vmName;
@@ -165,6 +188,20 @@ public class SecurityGroupRulesCmd extends Command {
     }
 
 
+    public String getSecIpsString() {
+        StringBuilder sb = new StringBuilder();
+        List<String> ips = getSecIps();
+        if (ips == null) {
+            return "0:";
+        } else {
+            for (String ip : ips) {
+                sb.append(ip).append(":");
+            }
+        }
+        return sb.toString();
+    }
+
+
     public String stringifyCompressedRules() {
         StringBuilder ruleBuilder = new StringBuilder();
         for (SecurityGroupRulesCmd.IpPortAndProto ipPandP : getIngressRuleSet()) {
diff --git a/api/src/com/cloud/agent/api/to/NicTO.java b/api/src/com/cloud/agent/api/to/NicTO.java
index aa2aa19cc19..ccebe115f97 100644
--- a/api/src/com/cloud/agent/api/to/NicTO.java
+++ b/api/src/com/cloud/agent/api/to/NicTO.java
@@ -16,12 +16,15 @@
 // under the License.
 package com.cloud.agent.api.to;
 
+import java.util.List;
+
 public class NicTO extends NetworkTO {
     int deviceId;
     Integer networkRateMbps;
     Integer networkRateMulticastMbps;
     boolean defaultNic;
     String uuid;
+    List <String> nicSecIps;
 
     public NicTO() {
         super();
@@ -69,4 +72,12 @@ public class NicTO extends NetworkTO {
     public String toString() {
         return new StringBuilder("[Nic:").append(type).append("-").append(ip).append("-").append(broadcastUri).append("]").toString();
     }
+
+    public void setNicSecIps(List<String> secIps) {
+        this.nicSecIps = secIps;
+    }
+
+    public List<String> getNicSecIps() {
+        return nicSecIps;
+    }
 }
diff --git a/api/src/com/cloud/network/security/SecurityGroupService.java b/api/src/com/cloud/network/security/SecurityGroupService.java
index c6480323780..397de1ccb46 100644
--- a/api/src/com/cloud/network/security/SecurityGroupService.java
+++ b/api/src/com/cloud/network/security/SecurityGroupService.java
@@ -24,6 +24,7 @@ import org.apache.cloudstack.api.command.user.securitygroup.CreateSecurityGroupC
 import org.apache.cloudstack.api.command.user.securitygroup.DeleteSecurityGroupCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.RevokeSecurityGroupEgressCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.RevokeSecurityGroupIngressCmd;
+import org.apache.cloudstack.api.command.user.vm.AddIpToVmNicCmd;
 
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
@@ -45,5 +46,6 @@ public interface SecurityGroupService {
     public List<? extends SecurityRule> authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressCmd cmd);
 
     public List<? extends SecurityRule> authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressCmd cmd);
-
+    public boolean securityGroupRulesForVmSecIp(Long nicId, Long networkId,
+            String secondaryIp, boolean ruleAction);
 }
diff --git a/api/src/com/cloud/template/VirtualMachineTemplate.java b/api/src/com/cloud/template/VirtualMachineTemplate.java
index cdfe8d38dc5..cedc793c197 100755
--- a/api/src/com/cloud/template/VirtualMachineTemplate.java
+++ b/api/src/com/cloud/template/VirtualMachineTemplate.java
@@ -37,6 +37,7 @@ public interface VirtualMachineTemplate extends ControlledEntity, Identity, Inte
         featured, // returns templates that have been marked as featured and public
         self, // returns templates that have been registered or created by the calling user
         selfexecutable, // same as self, but only returns templates that are ready to be deployed with
+        shared, // including templates that have been granted to the calling user by another user
         sharedexecutable, // ready templates that have been granted to the calling user by another user
         executable, // templates that are owned by the calling user, or public templates, that can be used to deploy a
         community, // returns templates that have been marked as public but not featured
diff --git a/api/src/org/apache/cloudstack/api/command/admin/user/DeleteUserCmd.java b/api/src/org/apache/cloudstack/api/command/admin/user/DeleteUserCmd.java
index bb37d085c8e..5683d58ab30 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/user/DeleteUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/user/DeleteUserCmd.java
@@ -33,7 +33,7 @@ import com.cloud.user.Account;
 import com.cloud.user.User;
 import com.cloud.user.UserContext;
 
-@APICommand(name = "deleteUser", description="Creates a user for an account", responseObject=UserResponse.class)
+@APICommand(name = "deleteUser", description="Deletes a user for an account", responseObject=SuccessResponse.class)
 public class DeleteUserCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteUserCmd.class.getName());
 
@@ -42,7 +42,7 @@ public class DeleteUserCmd extends BaseCmd {
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
-    @Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType=UserResponse.class, required=true, description="Deletes a user")
+    @Parameter(name=ApiConstants.ID, type=CommandType.UUID, entityType=UserResponse.class, required=true, description="id of the user to be deleted")
     private Long id;
 
     @Inject RegionService _regionService;
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
index 0f992743f6d..df6b3999dba 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/AddIpToVmNicCmd.java
@@ -28,6 +28,8 @@ import org.apache.cloudstack.api.response.NicResponse;
 import org.apache.cloudstack.api.response.NicSecondaryIpResponse;
 
 import com.cloud.async.AsyncJob;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenter.NetworkType;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientAddressCapacityException;
@@ -83,6 +85,9 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd {
 
     public Long getNetworkId() {
         Nic nic = _entityMgr.findById(Nic.class, nicId);
+        if (nic == null) {
+            throw new InvalidParameterValueException("Can't find network id for specified nic");
+        }
         Long networkId = nic.getNetworkId();
         return networkId;
     }
@@ -98,6 +103,13 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd {
             return null;
         }
     }
+
+    public NetworkType getNetworkType() {
+        Network ntwk = _entityMgr.findById(Network.class, getNetworkId());
+        DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId());
+        return dc.getNetworkType();
+    }
+
     @Override
     public long getEntityOwnerId() {
         Account caller = UserContext.current().getCaller();
@@ -134,7 +146,7 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd {
 
         UserContext.current().setEventDetails("Nic Id: " + getNicId() );
         String ip;
-        String SecondaryIp = null;
+        String secondaryIp = null;
         if ((ip = getIpaddress()) != null) {
             if (!NetUtils.isValidIp(ip)) {
                 throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Invalid ip address " + ip);
@@ -142,15 +154,24 @@ public class AddIpToVmNicCmd extends BaseAsyncCmd {
         }
 
         try {
-            SecondaryIp =  _networkService.allocateSecondaryGuestIP(_accountService.getAccount(getEntityOwnerId()),  getZoneId(), getNicId(), getNetworkId(), getIpaddress());
+            secondaryIp =  _networkService.allocateSecondaryGuestIP(_accountService.getAccount(getEntityOwnerId()),  getZoneId(), getNicId(), getNetworkId(), getIpaddress());
         } catch (InsufficientAddressCapacityException e) {
             throw new InvalidParameterValueException("Allocating guest ip for nic failed");
         }
 
-        if (SecondaryIp != null) {
-            s_logger.info("Associated ip address to NIC : " + SecondaryIp);
+        if (secondaryIp != null) {
+            if (getNetworkType() == NetworkType.Basic) {
+                // add security group rules for the secondary ip addresses
+                boolean success = false;
+                success = _securityGroupService.securityGroupRulesForVmSecIp(getNicId(), getNetworkId(), secondaryIp, (boolean) true);
+                if (success == false) {
+                    throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to set security group rules for the secondary ip");
+                }
+            }
+
+            s_logger.info("Associated ip address to NIC : " + secondaryIp);
             NicSecondaryIpResponse response = new NicSecondaryIpResponse();
-            response = _responseGenerator.createSecondaryIPToNicResponse(ip, getNicId(), getNetworkId());
+            response = _responseGenerator.createSecondaryIPToNicResponse(secondaryIp, getNicId(), getNetworkId());
             response.setResponseName(getCommandName());
             this.setResponseObject(response);
         } else {
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
index cb5e0855f64..21a9a0c96b4 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/RemoveIpFromVmNicCmd.java
@@ -27,15 +27,21 @@ import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.NicSecondaryIpResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 import com.cloud.async.AsyncJob;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenter.NetworkType;
 import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientAddressCapacityException;
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.Network;
 import com.cloud.user.Account;
 import com.cloud.user.UserContext;
+import com.cloud.vm.Nic;
+import com.cloud.vm.NicSecondaryIp;
 
 @APICommand(name = "removeIpFromNic", description="Assigns secondary IP to NIC.", responseObject=SuccessResponse.class)
 public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RemoveIpFromVmNicCmd.class.getName());
-    private static final String s_name = "unassignsecondaryipaddrtonicresponse";
+    private static final String s_name = "removeipfromnicresponse";
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -43,7 +49,7 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
 
     @Parameter(name=ApiConstants.ID, type=CommandType.UUID, required = true, entityType = NicSecondaryIpResponse.class,
             description="the ID of the secondary ip address to nic")
-            private long id;
+            private Long id;
 
     // unexposed parameter needed for events logging
     @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.UUID, expose=false)
@@ -57,7 +63,7 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
         return "nic_secondary_ips";
     }
 
-    public long getIpAddressId() {
+    public Long getIpAddressId() {
         return id;
     }
 
@@ -80,6 +86,11 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
         return EventTypes.EVENT_NET_IP_ASSIGN;
     }
 
+    public NicSecondaryIp getIpEntry() {
+        NicSecondaryIp nicSecIp = _entityMgr.findById(NicSecondaryIp.class, getIpAddressId());
+        return nicSecIp;
+    }
+
     @Override
     public String getEventDescription() {
         return  ("Disassociating ip address with id=" + id);
@@ -98,15 +109,53 @@ public class RemoveIpFromVmNicCmd extends BaseAsyncCmd {
         return "addressinfo";
     }
 
+    public Long getNetworkId() {
+        NicSecondaryIp nicSecIp = _entityMgr.findById(NicSecondaryIp.class, getIpAddressId());
+        if (nicSecIp != null) {
+            Long networkId = nicSecIp.getNetworkId();
+            return networkId;
+        } else {
+            return null;
+        }
+    }
+
+    public NetworkType getNetworkType() {
+        Network ntwk = _entityMgr.findById(Network.class, getNetworkId());
+        if (ntwk != null) {
+            DataCenter dc = _entityMgr.findById(DataCenter.class, ntwk.getDataCenterId());
+            return dc.getNetworkType();
+        }
+        return null;
+    }
+
     @Override
     public void execute() throws InvalidParameterValueException {
-        UserContext.current().setEventDetails("Ip Id: " + getIpAddressId());
-        boolean result = _networkService.releaseSecondaryIpFromNic(getIpAddressId());
-        if (result) {
-            SuccessResponse response = new SuccessResponse(getCommandName());
-            this.setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove secondary  ip address for the nic");
+        UserContext.current().setEventDetails("Ip Id: " + id);
+        NicSecondaryIp nicSecIp = getIpEntry();
+
+        if (nicSecIp == null) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Invalid IP id is passed");
+        }
+
+        if (getNetworkType() == NetworkType.Basic) {
+            //remove the security group rules for this secondary ip
+            boolean success = false;
+            success = _securityGroupService.securityGroupRulesForVmSecIp(nicSecIp.getNicId(), nicSecIp.getNetworkId(),nicSecIp.getIp4Address(), false);
+            if (success == false) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to set security group rules for the secondary ip");
+            }
+        }
+
+        try {
+            boolean result = _networkService.releaseSecondaryIpFromNic(id);
+            if (result) {
+                SuccessResponse response = new SuccessResponse(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove secondary  ip address for the nic");
+            }
+        } catch (InvalidParameterValueException e) {
+            throw new InvalidParameterValueException("Removing guest ip from nic failed");
         }
     }
 
diff --git a/api/src/org/apache/cloudstack/api/response/NicSecondaryIpResponse.java b/api/src/org/apache/cloudstack/api/response/NicSecondaryIpResponse.java
index 3464a63540e..695468faef2 100644
--- a/api/src/org/apache/cloudstack/api/response/NicSecondaryIpResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/NicSecondaryIpResponse.java
@@ -20,28 +20,38 @@ import java.util.List;
 
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
 
+import com.cloud.network.rules.FirewallRule;
 import com.cloud.serializer.Param;
+import com.cloud.vm.NicSecondaryIp;
 import com.google.gson.annotations.SerializedName;
 
+@EntityReference(value=NicSecondaryIp.class)
 @SuppressWarnings("unused")
 public class NicSecondaryIpResponse extends BaseResponse {
+
     @SerializedName(ApiConstants.ID) @Param(description="the ID of the secondary private IP addr")
-    private Long id;
+    private String id;
 
     @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="Secondary IP address")
     private String ipAddr;
 
     @SerializedName(ApiConstants.NIC_ID) @Param(description="the ID of the nic")
-    private Long nicId;
+    private String nicId;
 
     @SerializedName(ApiConstants.NETWORK_ID) @Param(description="the ID of the network")
-    private  Long nwId;
+    private  String nwId;
 
     @SerializedName(ApiConstants.VIRTUAL_MACHINE_ID) @Param(description="the ID of the vm")
-    private Long vmId;
+    private String vmId;
 
-    public Long getId() {
+    @Override
+    public String getObjectId() {
+        return this.getId();
+    }
+
+    public String getId() {
         return id;
     }
 
@@ -53,32 +63,32 @@ public class NicSecondaryIpResponse extends BaseResponse {
         this.ipAddr = ipAddr;
     }
 
-    public Long getNicId() {
+    public String getNicId() {
         return nicId;
     }
 
-    public void setNicId(Long nicId) {
-        this.nicId = nicId;
+    public void setNicId(String string) {
+        this.nicId = string;
     }
 
-    public Long getNwId() {
+    public String getNwId() {
         return nwId;
     }
 
-    public void setNwId(Long nwId) {
+    public void setNwId(String nwId) {
         this.nwId = nwId;
     }
 
-    public Long getVmId() {
+    public String getVmId() {
         return vmId;
     }
 
-    public void setVmId(Long vmId) {
+    public void setVmId(String vmId) {
         this.vmId = vmId;
     }
 
-    public Long setId(Long id) {
-        return id;
+    public void setId(String id) {
+        this.id = id;
     }
 
 
diff --git a/client/tomcatconf/componentContext.xml.in b/client/tomcatconf/componentContext.xml.in
index 23566e204c0..7b64f49ee20 100644
--- a/client/tomcatconf/componentContext.xml.in
+++ b/client/tomcatconf/componentContext.xml.in
@@ -107,11 +107,7 @@
   
   <bean id="hypervisorTemplateAdapter" class="com.cloud.template.HypervisorTemplateAdapter">
     <property name="name" value="HypervisorAdapter"/>
-  </bean> 
-  
-   <bean id="bareMetalTemplateAdapter" class="com.cloud.baremetal.BareMetalTemplateAdapter">
-    <property name="name" value="BareMetalAdapter"/>
-  </bean> 
+  </bean>
   
   <!--
     Storage pool allocators
diff --git a/client/tomcatconf/components-cloudzones.xml.in b/client/tomcatconf/components-cloudzones.xml.in
deleted file mode 100755
index 4bd39108e1f..00000000000
--- a/client/tomcatconf/components-cloudzones.xml.in
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<components-cloudzones.xml>
-    <system-integrity-checker class="com.cloud.upgrade.DatabaseUpgradeChecker">
-        <checker name="ManagementServerNode" class="com.cloud.cluster.ManagementServerNode"/>
-        <checker name="PremiumDatabaseUpgradeChecker" class="com.cloud.upgrade.PremiumDatabaseUpgradeChecker"/>
-    </system-integrity-checker>
-
-    <management-server class="com.cloud.server.ManagementServerExtImpl" library="com.cloud.configuration.CloudZonesComponentLibrary" extends="components-premium.xml:management-server"/>
-    
-    <configuration-server class="com.cloud.server.ConfigurationServerImpl" extends="components.xml:configuration-server">
-        <dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl" singleton="false">
-             <param name="premium">true</param>
-        </dao>
-    </configuration-server>
-</components-cloudzones.xml>
diff --git a/client/tomcatconf/components-nonoss.xml.in b/client/tomcatconf/components-nonoss.xml.in
deleted file mode 100755
index fbfc5cc2726..00000000000
--- a/client/tomcatconf/components-nonoss.xml.in
+++ /dev/null
@@ -1,97 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<!--
-  components.xml is the configuration file for the VM Ops
-  insertion servers.  Someone can quickly pull together an
-  insertion server by selecting the correct adapters to use.
-
-  Here are some places to look for information.
-    - To find out the general functionality that each Manager 
-      or Adapter provide, look at the javadoc for the interface
-      that it implements.  The interface is usually the
-      "key" attribute in the declaration.
-    - To find specific implementation of each Manager or
-      Adapter, look at the javadoc for the actual class.  The 
-      class can be found in the <class> element.
-    - To find out the configuration parameters for each Manager 
-      or Adapter, look at the javadoc for the actual implementation
-      class.  It should be documented in the description of the 
-      class.
-    - To know more about the components.xml in general, look for
-      the javadoc for ComponentLocator.java.
-
-  If you found that the Manager or Adapter are not properly 
-  documented, please contact the author.
--->
-<components-nonoss.xml>
-    <system-integrity-checker class="com.cloud.upgrade.DatabaseUpgradeChecker">
-        <checker name="ManagementServerNode" class="com.cloud.cluster.ManagementServerNode"/>
-        <checker name="PremiumDatabaseUpgradeChecker" class="com.cloud.upgrade.PremiumDatabaseUpgradeChecker"/>
-    </system-integrity-checker>
-
-    <management-server class="com.cloud.server.ManagementServerExtImpl" library="com.cloud.configuration.PremiumComponentLibrary" extends="components.xml:management-server">
-        <adapters key="com.cloud.ha.Investigator">
-    <adapter name="VmwareInvestigator" class="com.cloud.ha.VmwareInvestigator"/>
-    </adapters>
-    
-    <adapters key="com.cloud.ha.FenceBuilder">
-    <adapter name="VmwareFenceBuilder" class="com.cloud.ha.VmwareFencer"/>
-    </adapters>
-    
-    <adapters key="com.cloud.resource.Discoverer">
-    <adapter name="VShpereServer" class="com.cloud.hypervisor.vmware.VmwareServerDiscoverer"/>
-    </adapters>
-    
-    <adapters key="com.cloud.network.element.NetworkElement">
-     <adapter name="JuniperSRX" class="com.cloud.network.element.JuniperSRXExternalFirewallElement"/>
-	 <adapter name="Netscaler" class="com.cloud.network.element.NetscalerElement"/>
-	 <adapter name="F5BigIP" class="com.cloud.network.element.F5ExternalLoadBalancerElement"/>
-	 <adapter name="CiscoNexus1000vVSM" class="com.cloud.network.element.CiscoNexusVSMElement"/>
-	 </adapters>
-	 
-	 <adapters key="com.cloud.hypervisor.HypervisorGuru">
-	  <adapter name="VMwareGuru" class="com.cloud.hypervisor.guru.VMwareGuru"/>
-	  </adapters>
-	  
-	  <manager name="VmwareManager" key="com.cloud.hypervisor.vmware.manager.VmwareManager" class="com.cloud.hypervisor.vmware.manager.VmwareManagerImpl"/>
-	  <manager name="NetappManager" key="com.cloud.netapp.NetappManager" class="com.cloud.netapp.NetappManagerImpl"/>
-	  <pluggableservice name="NetscalerExternalLoadBalancerElementService" key="com.cloud.network.element.NetscalerLoadBalancerElementService" class="com.cloud.network.element.NetscalerElement"/>
-	  <pluggableservice name="F5ExternalLoadBalancerElementService" key="com.cloud.network.element.F5ExternalLoadBalancerElementService" class="com.cloud.network.element.F5ExternalLoadBalancerElement"/>
-	   <pluggableservice name="JuniperSRXFirewallElementService" key="com.cloud.network.element.JuniperSRXFirewallElementService" class="com.cloud.network.element.JuniperSRXExternalFirewallElement"/>
-	<pluggableservice name="CiscoNexusVSMElementService" key="com.cloud.network.element.CiscoNexusVSMElementService" class="com.cloud.network.element.CiscoNexusVSMElement"/>
-	  
-	  <dao name="NetScalerPodDao" class="com.cloud.network.dao.NetScalerPodDaoImpl" singleton="false"/>
-	  <dao name="CiscoNexusVSMDeviceDao" class="com.cloud.network.dao.CiscoNexusVSMDeviceDaoImpl" singleton="false"/>
-	   <dao name="NetappPool" class="com.cloud.netapp.dao.PoolDaoImpl" singleton="false"/>
-		<dao name="NetappVolume" class="com.cloud.netapp.dao.VolumeDaoImpl" singleton="false"/>
-	  <dao name="NetappLun" class="com.cloud.netapp.dao.LunDaoImpl" singleton="false"/>
-	    <dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl" singleton="false">
-             <param name="premium">true</param>
-        </dao>
-    </management-server>
-    <configuration-server class="com.cloud.server.ConfigurationServerImpl" extends="components.xml:configuration-server">
-        <dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl" singleton="false">
-             <param name="premium">true</param>
-        </dao>
-    </configuration-server>
-    
-
-    
-</components-nonoss.xml>
diff --git a/client/tomcatconf/components.xml.in b/client/tomcatconf/components.xml.in
deleted file mode 100755
index 1d3faf384dc..00000000000
--- a/client/tomcatconf/components.xml.in
+++ /dev/null
@@ -1,306 +0,0 @@
-<?xml version="1.0"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-<!--
-  components.xml is the configuration file for the VM Ops
-  insertion servers.  Someone can quickly pull together an
-  insertion server by selecting the correct adapters to use.
-
-  Here are some places to look for information.
-    - To find out the general functionality that each Manager 
-      or Adapter provide, look at the javadoc for the interface
-      that it implements.  The interface is usually the
-      "key" attribute in the declaration.
-    - To find specific implementation of each Manager or
-      Adapter, look at the javadoc for the actual class.  The 
-      class can be found in the <class> element.
-    - To find out the configuration parameters for each Manager 
-      or Adapter, look at the javadoc for the actual implementation
-      class.  It should be documented in the description of the 
-      class.
-    - To know more about the components.xml in general, look for
-      the javadoc for ComponentLocator.java.
-
-  If you found that the Manager or Adapter are not properly 
-  documented, please contact the author.
--->
-<components.xml>
-    <system-integrity-checker class="com.cloud.upgrade.DatabaseUpgradeChecker">
-        <checker name="ManagementServerNode" class="com.cloud.cluster.ManagementServerNode"/>
-        <checker name="EncryptionSecretKeyChecker" class="com.cloud.utils.crypt.EncryptionSecretKeyChecker"/>
-        <checker name="DatabaseIntegrityChecker" class="com.cloud.upgrade.DatabaseIntegrityChecker"/>
-        <checker name="DatabaseUpgradeChecker" class="com.cloud.upgrade.PremiumDatabaseUpgradeChecker"/>
-    </system-integrity-checker>
-
-    <interceptor library="com.cloud.configuration.DefaultInterceptorLibrary"/>
-    <management-server class="com.cloud.server.ManagementServerExtImpl" library="com.cloud.configuration.PremiumComponentLibrary">
-        <dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl">
-             <param name="premium">true</param>
-        </dao>
-        <adapters key="org.apache.cloudstack.acl.APIChecker">
-            <adapter name="AccountBasedAPIRateLimit" class="org.apache.cloudstack.ratelimit.ApiRateLimitServiceImpl" singleton="true">
-                 <param name="api.throttling.interval">1</param>
-                 <param name="api.throttling.max">25</param>
-                 <param name="api.throttling.cachesize">50000</param>
-            </adapter>        
-            <adapter name="StaticRoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.StaticRoleBasedAPIAccessChecker"/>
-        </adapters>
-        <adapters key="com.cloud.agent.manager.allocator.HostAllocator">
-            <adapter name="FirstFitRouting" class="com.cloud.agent.manager.allocator.impl.FirstFitRoutingAllocator"/>
-            <!--adapter name="FirstFitRouting" class="com.cloud.agent.manager.allocator.impl.RecreateHostAllocator"/-->
-            <!--adapter name="FirstFit" class="com.cloud.agent.manager.allocator.impl.FirstFitAllocator"/-->
-        </adapters>
-        <adapters key="com.cloud.agent.manager.allocator.PodAllocator">
-            <adapter name="User First" class="com.cloud.agent.manager.allocator.impl.UserConcentratedAllocator"/>
-        </adapters>
-        <adapters key="com.cloud.consoleproxy.ConsoleProxyAllocator">
-            <adapter name="Balance" class="com.cloud.consoleproxy.ConsoleProxyBalanceAllocator"/>
-        </adapters>
-        <adapters key="com.cloud.network.guru.NetworkGuru">
-            <!--
-                 NOTE: The order of those gurus implicates priority of network traffic types the guru implements.
-                 The upper the higher priority. It effects listTafficTypeImplementors API which returns impelmentor
-                 of a specific network traffic.
-                 A fair question is, if two gurus implement the same two network traffic types, but these traffic types
-                 have cross priority, how to rank them? For example:
-                    GuruA (TrafficTypeA, TrafficTypeB)
-                    GuruB (TrafficTypeA, TrafficTypeB)
-                 we want GuruB.TrafficTypeB > GuruA.TrafficTypeB and GuruB.TrafficTypeA < GuruA.TrafficTypeA. As the priority
-                 implicated by order can not map to multiple traffic type, you have to do implement GuruC which inherits GuruB
-                 for TrafficTypeB. Then ranking them in order of:
-                    GuruC (TrafficTypeB)
-                    GuruA (TrafficTypeA, TrafficTypeB)
-                    GuruB (TrafficTypeA, TrafficTypeB)
-                 now GuruC represents TrafficTypeB with highest priority while GuruA represents TrafficTypeA with highest pirority.
-
-                 However, above case barely happens.
-            -->
-
-            <adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
-            <adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
-            <adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
-            <adapter name="PodBasedNetworkGuru" class="com.cloud.network.guru.PodBasedNetworkGuru"/>
-            <adapter name="ControlNetworkGuru" class="com.cloud.network.guru.ControlNetworkGuru"/>
-            <adapter name="DirectNetworkGuru" class="com.cloud.network.guru.DirectNetworkGuru"/>
-            <adapter name="DirectPodBasedNetworkGuru" class="com.cloud.network.guru.DirectPodBasedNetworkGuru"/>
-            <adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
-            <adapter name="PrivateNetworkGuru" class="com.cloud.network.guru.PrivateNetworkGuru"/>
-            <adapter name="NiciraNvpGuestNetworkGuru" class="com.cloud.network.guru.NiciraNvpGuestNetworkGuru"/>
-            <adapter name="BigSwitchVnsGuestNetworkGuru" class="com.cloud.network.guru.BigSwitchVnsGuestNetworkGuru"/>
-        </adapters>
-        <adapters key="com.cloud.cluster.ClusterServiceAdapter">
-            <adapter name="ClusterService" class="com.cloud.cluster.ClusterServiceServletAdapter"/>
-        </adapters>
-        <adapters key="com.cloud.storage.secondary.SecondaryStorageVmAllocator">
-            <adapter name="Balance" class="com.cloud.storage.secondary.SecondaryStorageVmDefaultAllocator"/>
-        </adapters>
-        <adapters key="com.cloud.network.IpAddrAllocator">
-            <adapter name="Basic" class="com.cloud.network.ExteralIpAddressAllocator"/>
-        </adapters>
-        <adapters key="com.cloud.server.auth.UserAuthenticator">
-            <!-- <adapter name="SHA256SALT" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator"/> -->
-            <adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>
-            <adapter name="LDAP" class="com.cloud.server.auth.LDAPUserAuthenticator"/>
-        </adapters>
-        <adapters key="com.cloud.ha.Investigator">
-            <adapter name="SimpleInvestigator" class="com.cloud.ha.CheckOnAgentInvestigator"/>
-            <adapter name="XenServerInvestigator" class="com.cloud.ha.XenServerInvestigator"/>
-            <adapter name="PingInvestigator" class="com.cloud.ha.UserVmDomRInvestigator"/>
-			<adapter name="ManagementIPSysVMInvestigator" class="com.cloud.ha.ManagementIPSystemVMInvestigator"/>
-        </adapters>
-        <adapters key="com.cloud.ha.FenceBuilder">
-            <adapter name="XenServerFenceBuilder" class="com.cloud.ha.XenServerFencer"/>
-            <adapter name="KVMFenceBuilder" class="com.cloud.ha.KVMFencer"/>
-            <adapter name="OvmFenceBuilder" class="com.cloud.ovm.hypervisor.OvmFencer"/>
-        </adapters>
-        <adapters key="com.cloud.hypervisor.HypervisorGuru">
-            <adapter name="XenServerGuru" class="com.cloud.hypervisor.XenServerGuru"/>
-            <adapter name="KVMGuru" class="com.cloud.hypervisor.KVMGuru"/>
-        </adapters>
-        <adapters key="com.cloud.resource.Discoverer">
-            <adapter name="XCP Agent" class="com.cloud.hypervisor.xen.discoverer.XcpServerDiscoverer"/>
-            <adapter name="SecondaryStorage" class="com.cloud.storage.secondary.SecondaryStorageDiscoverer"/>
-            <adapter name="KVM Agent" class="com.cloud.hypervisor.kvm.discoverer.KvmServerDiscoverer"/>
-            <adapter name="Bare Metal Agent" class="com.cloud.baremetal.BareMetalDiscoverer"/>
-            <adapter name="SCVMMServer" class="com.cloud.hypervisor.hyperv.HypervServerDiscoverer"/>            
-			<adapter name="Ovm Discover" class="com.cloud.ovm.hypervisor.OvmDiscoverer" />
-        </adapters>
-        <adapters key="com.cloud.deploy.DeploymentPlanner">
-            <adapter name="First Fit" class="com.cloud.deploy.FirstFitPlanner"/>
-            <adapter name="UserDispersing" class="com.cloud.deploy.UserDispersingPlanner"/>
-            <adapter name="UserConcentratedPod" class="com.cloud.deploy.UserConcentratedPodPlanner"/>
-            <adapter name="BareMetal Fit" class="com.cloud.deploy.BareMetalPlanner"/>
-        </adapters>
-        <adapters key="com.cloud.alert.AlertAdapter">
-            <adapter name="ClusterAlert" class="com.cloud.alert.ClusterAlertAdapter"/>
-            <adapter name="ConsoleProxyAlert" class="com.cloud.alert.ConsoleProxyAlertAdapter"/>
-            <adapter name="SecondaryStorageVmAlert" class="com.cloud.alert.SecondaryStorageVmAlertAdapter"/>
-        </adapters>
-        <adapters key="org.apache.cloudstack.acl.SecurityChecker">
-            <adapter name="DomainChecker" class="com.cloud.acl.DomainChecker"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.NetworkElement">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="Ovs" class="com.cloud.network.element.OvsElement"/>
-            <adapter name="ExternalDhcpServer" class="com.cloud.network.element.ExternalDhcpElement"/>
-            <adapter name="BareMetal" class="com.cloud.network.element.BareMetalElement"/>
-            <adapter name="SecurityGroupProvider" class="com.cloud.network.element.SecurityGroupElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-            <adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>
-            <adapter name="BigSwitchVns" class="com.cloud.network.element.BigSwitchVnsElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.FirewallServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.DhcpServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="ExternalDhcpElement" class="com.cloud.network.element.ExternalDhcpElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>           
-        </adapters>
-        <adapters key="com.cloud.network.element.UserDataServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.SourceNatServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-            <adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>  
-        </adapters>
-        <adapters key="com.cloud.network.element.StaticNatServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-            <adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.PortForwardingServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-            <adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.LoadBalancingServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.RemoteAccessVPNServiceProvider">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.Site2SiteVpnServiceProvider">
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.IpDeployer">
-            <adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-            <adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.ConnectivityProvider">
-            <adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>
-            <adapter name="BigSwitchVns" class="com.cloud.network.element.BigSwitchVnsElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.NetworkACLServiceProvider">
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-        </adapters>
-        <adapters key="com.cloud.network.element.VpcProvider">
-            <adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
-        </adapters>
-
-        <adapters key="com.cloud.cluster.agentlb.AgentLoadBalancerPlanner">
-            <adapter name="ClusterBasedAgentLbPlanner" class="com.cloud.cluster.agentlb.ClusterBasedAgentLoadBalancerPlanner"/>
-        </adapters>
-        <adapters key="com.cloud.hypervisor.HypervisorGuru">
-            <adapter name="XenServerGuru" class="com.cloud.hypervisor.XenServerGuru"/>
-            <adapter name="KVMGuru" class="com.cloud.hypervisor.KVMGuru"/>
-            <adapter name="BareMetalGuru" class="com.cloud.baremetal.BareMetalGuru"/>
-            <adapter name="HypervGuru" class="com.cloud.hypervisor.guru.HypervGuru"/>            
-            <adapter name="OvmGuru" class="com.cloud.ovm.hypervisor.OvmGuru" />
-        </adapters>
-        <adapters key="com.cloud.agent.StartupCommandProcessor">
-            <adapter name="BasicAgentAuthorizer" class="com.cloud.agent.manager.authn.impl.BasicAgentAuthManager"/>
-        </adapters>
-        <manager name="OvsTunnelManager" key="com.cloud.network.ovs.OvsTunnelManager" class="com.cloud.network.ovs.OvsTunnelManagerImpl"/>
-        <manager name="ElasticLoadBalancerManager" key="com.cloud.network.lb.ElasticLoadBalancerManager" class="com.cloud.network.lb.ElasticLoadBalancerManagerImpl"/>
-        <pluggableservice name="ApiDiscoveryService" key="org.apache.cloudstack.discovery.ApiDiscoveryService" class="org.apache.cloudstack.discovery.ApiDiscoveryServiceImpl"/>
-        <pluggableservice name="VirtualRouterElementService" key="com.cloud.network.element.VirtualRouterElementService" class="com.cloud.network.element.VirtualRouterElement"/>
-        <pluggableservice name="NiciraNvpElementService" key="com.cloud.network.element.NiciraNvpElementService" class="com.cloud.network.element.NiciraNvpElement"/>
-        <pluggableservice name="ApiRateLimitService" key="org.apache.cloudstack.ratelimit.ApiRateLimitService" class="org.apache.cloudstack.ratelimit.ApiRateLimitServiceImpl"/>
-        <pluggableservice name="BigSwitchVnsElementService" key="com.cloud.network.element.BigSwitchVnsElementService" class="com.cloud.network.element.BigSwitchVnsElement"/>
-        <dao name="OvsTunnelInterfaceDao" class="com.cloud.network.ovs.dao.OvsTunnelInterfaceDaoImpl" singleton="false"/>
-        <dao name="OvsTunnelAccountDao" class="com.cloud.network.ovs.dao.OvsTunnelNetworkDaoImpl" singleton="false"/>
-        <dao name="NiciraNvpDao" class="com.cloud.network.dao.NiciraNvpDaoImpl" singleton="false"/>
-        <dao name="NiciraNvpNicMappingDao" class="com.cloud.network.dao.NiciraNvpNicMappingDaoImpl" singleton="false"/>
-        <dao name="NiciraNvpRouterMappingDao" class="com.cloud.network.dao.NiciraNvpRouterMappingDaoImpl" singleton="false"/>
-        <dao name="ElasticLbVmMapDao" class="com.cloud.network.lb.dao.ElasticLbVmMapDaoImpl" singleton="false"/>
-        <dao name="BigSwitchVnsDao" class="com.cloud.network.dao.BigSwitchVnsDaoImpl" singleton="false"/>
-    </management-server>
-
-    <configuration-server class="com.cloud.server.ConfigurationServerImpl">
-        <dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl" singleton="false">
-             <param name="premium">true</param>
-        </dao>
-        <dao name="Snapshot policy defaults" class="com.cloud.storage.dao.SnapshotPolicyDaoImpl" singleton="false"/>
-        <dao name="DiskOffering configuration server" class="com.cloud.storage.dao.DiskOfferingDaoImpl" singleton="false"/>         
-        <dao name="ServiceOffering configuration server" class="com.cloud.service.dao.ServiceOfferingDaoImpl" singleton="false"/>
-        <dao name="host zone configuration server" class="com.cloud.dc.dao.DataCenterDaoImpl" singleton="false"/>
-        <dao name="host pod configuration server" class="com.cloud.dc.dao.HostPodDaoImpl" singleton="false"/>
-        <dao name="DomainDao" class="com.cloud.domain.dao.DomainDaoImpl" singleton="false"/>
-        <dao name="NetworkOfferingDao" class="com.cloud.offerings.dao.NetworkOfferingDaoImpl" singleton="false"/>
-        <dao name="DataCenterDao" class="com.cloud.dc.dao.DataCenterDaoImpl" singleton="false"/>
-        <dao name="NetworkDao" class="com.cloud.network.dao.NetworkDaoImpl" singleton="false"/>
-        <dao name="IpAddressDao" class="com.cloud.network.dao.IPAddressDaoImpl" singleton="false"/>     
-        <dao name="VlanDao" class="com.cloud.dc.dao.VlanDaoImpl" singleton="false"/>
-        <dao name="ResouceCountDao" class="com.cloud.configuration.dao.ResourceCountDaoImpl" singleton="false"/>
-        <dao name="AccountDao" class="com.cloud.user.dao.AccountDaoImpl" singleton="false"/>
-        <dao name="UserDao" class="com.cloud.user.dao.UserDaoImpl" singleton="false"/>
-        <dao name="NetworkOfferingServiceDao" class="com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl" singleton="false"/>
-        <dao name="VirtualRouterProviderDao" class="com.cloud.network.dao.VirtualRouterProviderDaoImpl" singleton="false"/>
-        <dao name="IdentityDao" class="com.cloud.uuididentity.dao.IdentityDaoImpl" singleton="false"/>
-        <dao name="Site2SiteCustomerGatewayDao" class="com.cloud.network.dao.Site2SiteCustomerGatewayDaoImpl" singleton="false"/>
-        <dao name="Site2SiteVpnGatewayDao" class="com.cloud.network.dao.Site2SiteVpnGatewayDaoImpl" singleton="false"/>
-        <dao name="Site2SiteVpnConnectionDao" class="com.cloud.network.dao.Site2SiteVpnConnectionDaoImpl" singleton="false"/>
-        <dao name="RegionDao" class="org.apache.cloudstack.region.dao.RegionDaoImpl" singleton="false"/>
-        <dao name="UserIpv6AddressDao" class="com.cloud.network.dao.UserIpv6AddressDaoImpl" singleton="false"/>
-    </configuration-server>
-    
-    <awsapi-ec2server class="com.cloud.bridge.service.EC2MainServlet">
-        <dao name="CloudStackConfigurationDao" class="com.cloud.bridge.persist.dao.CloudStackConfigurationDaoImpl" singleton="false"/>
-        <dao name="UserCredentialsDao" class="com.cloud.bridge.persist.dao.UserCredentialsDaoImpl" singleton="false"/>
-        <dao name="CloudStackSvcOfferingDao" class="com.cloud.bridge.persist.dao.CloudStackSvcOfferingDaoImpl" singleton="false"/>
-        <dao name="OfferingDao" class="com.cloud.bridge.persist.dao.OfferingDaoImpl" singleton="false"/>
-        <dao name="CloudStackAccountDao" class="com.cloud.bridge.persist.dao.CloudStackAccountDaoImpl" singleton="false"/>
-        <dao name="CloudStackUserDao" class="com.cloud.bridge.persist.dao.CloudStackUserDaoImpl" singleton="false"/>
-    </awsapi-ec2server>
-    
-    <awsapi-s3server class="com.cloud.bridge.service.S3RestServlet">
-        <dao name="CloudStackConfigurationDao" class="com.cloud.bridge.persist.dao.CloudStackConfigurationDaoImpl" singleton="false"/>
-        <dao name="MHostDao" class="com.cloud.bridge.persist.dao.MHostDaoImpl" singleton="false"/>
-        <dao name="SHostDao" class="com.cloud.bridge.persist.dao.SHostDaoImpl" singleton="false"/>
-        <dao name="UserCredentialsDao" class="com.cloud.bridge.persist.dao.UserCredentialsDaoImpl" singleton="false"/>
-        <dao name="BucketPolicyDao" class="com.cloud.bridge.persist.dao.BucketPolicyDaoImpl" singleton="false"/>
-        <dao name="MHostMountDao" class="com.cloud.bridge.persist.dao.MHostMountDaoImpl" singleton="false"/>
-        <dao name="SAclDao" class="com.cloud.bridge.persist.dao.SAclDaoImpl" singleton="false"/>
-        <dao name="SBucketDao" class="com.cloud.bridge.persist.dao.SBucketDaoImpl" singleton="false"/>
-        <dao name="SMetaDao" class="com.cloud.bridge.persist.dao.SMetaDaoImpl" singleton="false"/>
-        <dao name="SObjectDao" class="com.cloud.bridge.persist.dao.SObjectDaoImpl" singleton="false"/>
-        <dao name="SObjectItemDao" class="com.cloud.bridge.persist.dao.SObjectItemDaoImpl" singleton="false"/>
-        <dao name="MultiPartPartsDao" class="com.cloud.bridge.persist.dao.MultiPartPartsDaoImpl" singleton="false"/>
-        <dao name="MultiPartUploadsDao" class="com.cloud.bridge.persist.dao.MultiPartUploadsDaoImpl" singleton="false"/>
-        <dao name="MultipartMetaDao" class="com.cloud.bridge.persist.dao.MultipartMetaDaoImpl" singleton="false"/>
-        <dao name="UserCredentialsDao" class="com.cloud.bridge.persist.dao.UserCredentialsDaoImpl" singleton="false"/>
-    </awsapi-s3server>
-    
-</components.xml>
diff --git a/client/tomcatconf/nonossComponentContext.xml.in b/client/tomcatconf/nonossComponentContext.xml.in
index 20e0c32db57..7e3552db67e 100644
--- a/client/tomcatconf/nonossComponentContext.xml.in
+++ b/client/tomcatconf/nonossComponentContext.xml.in
@@ -113,11 +113,7 @@
   
   <bean id="hypervisorTemplateAdapter" class="com.cloud.template.HypervisorTemplateAdapter">
     <property name="name" value="HypervisorAdapter"/>
-  </bean> 
-  
-   <bean id="bareMetalTemplateAdapter" class="com.cloud.baremetal.BareMetalTemplateAdapter">
-    <property name="name" value="BareMetalAdapter"/>
-  </bean> 
+  </bean>
   
   <!--
     Storage pool allocators
diff --git a/core/src/com/cloud/agent/api/NetworkRulesVmSecondaryIpCommand.java b/core/src/com/cloud/agent/api/NetworkRulesVmSecondaryIpCommand.java
new file mode 100644
index 00000000000..ce4080878a1
--- /dev/null
+++ b/core/src/com/cloud/agent/api/NetworkRulesVmSecondaryIpCommand.java
@@ -0,0 +1,71 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+import com.cloud.vm.VirtualMachine;
+
+public class NetworkRulesVmSecondaryIpCommand extends Command {
+
+    private String vmName;
+    private VirtualMachine.Type type;
+    private String vmSecIp;
+    private String vmMac;
+    private String action;
+
+    public NetworkRulesVmSecondaryIpCommand(String vmName, VirtualMachine.Type type) {
+        this.vmName = vmName;
+        this.type = type;
+    }
+
+
+    public NetworkRulesVmSecondaryIpCommand(String vmName, String vmMac,
+            String secondaryIp, boolean action) {
+        this.vmName = vmName;
+        this.vmMac = vmMac;
+        this.vmSecIp = secondaryIp;
+        if (action) {
+            this.action = "-A";
+        } else {
+            this.action = "-D";
+        }
+    }
+
+    public String getVmName() {
+        return vmName;
+    }
+
+    public VirtualMachine.Type getType() {
+        return type;
+    }
+
+    public String getVmSecIp() {
+        return vmSecIp;
+    }
+
+    public String getVmMac() {
+        return vmMac;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+}
diff --git a/debian/cloudstack-management.postinst b/debian/cloudstack-management.postinst
index 5b6b4b351c3..7b6a1ed6d71 100644
--- a/debian/cloudstack-management.postinst
+++ b/debian/cloudstack-management.postinst
@@ -20,7 +20,7 @@ if [ "$1" = configure ]; then
     if ! getent passwd cloud >/dev/null; then
         adduser --quiet --system --group --no-create-home --home /var/lib/cloudstack/management cloud
     else
-        usermod -m /var/lib/cloudstack/management cloud
+        usermod -m -d /var/lib/cloudstack/management cloud
     fi
     chown cloud /var/log/cloudstack/management
-fi
+fi
\ No newline at end of file
diff --git a/debian/cloudstack-usage.install b/debian/cloudstack-usage.install
index 53f2a56afa3..4722e688dcd 100644
--- a/debian/cloudstack-usage.install
+++ b/debian/cloudstack-usage.install
@@ -15,7 +15,8 @@
 # specific language governing permissions and limitations
 # under the License.
 
-/usr/share/cloudstack-usage/lib/cloudstack-usage.jar
+/usr/share/cloudstack-usage/lib/*
+/usr/share/cloudstack-usage/plugins
 /etc/init.d/cloudstack-usage
 /var/log/cloudstack/usage
 /etc/cloudstack/usage/*
diff --git a/debian/rules b/debian/rules
index f0cb67f276a..7fc6425b34f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -64,8 +64,8 @@ install:
 	mkdir $(DESTDIR)/var/log/$(PACKAGE)/agent
 	mkdir $(DESTDIR)/usr/share/$(PACKAGE)-agent
 	mkdir $(DESTDIR)/usr/share/$(PACKAGE)-agent/plugins
-	install -D agent/target/cloud-agent-4.2.0-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-agent/lib/$(PACKAGE)-agent.jar
-	install -D plugins/hypervisors/kvm/target/cloud-plugin-hypervisor-kvm-4.2.0-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-agent/lib/
+	install -D agent/target/cloud-agent-$(VERSION)-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-agent/lib/$(PACKAGE)-agent.jar
+	install -D plugins/hypervisors/kvm/target/cloud-plugin-hypervisor-kvm-$(VERSION)-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-agent/lib/
 	install -D plugins/hypervisors/kvm/target/dependencies/* $(DESTDIR)/usr/share/$(PACKAGE)-agent/lib/
 	install -D packaging/debian/init/cloud-agent $(DESTDIR)/$(SYSCONFDIR)/init.d/$(PACKAGE)-agent
 	install -D agent/bindir/cloud-setup-agent.in $(DESTDIR)/usr/bin/cloud-setup-agent
@@ -86,14 +86,14 @@ install:
 	mkdir $(DESTDIR)/var/lib/$(PACKAGE)/management
 	mkdir $(DESTDIR)/var/lib/$(PACKAGE)/mnt
 	cp -r client/target/utilities/scripts/db/* $(DESTDIR)/usr/share/$(PACKAGE)-management/setup/
-	cp -r client/target/cloud-client-ui-4.2.0-SNAPSHOT/* $(DESTDIR)/usr/share/$(PACKAGE)-management/webapps/client/
+	cp -r client/target/cloud-client-ui-$(VERSION)-SNAPSHOT/* $(DESTDIR)/usr/share/$(PACKAGE)-management/webapps/client/
 	cp server/target/conf/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/
 	cp client/target/conf/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/
 	ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
 	mkdir -p $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/Catalina/localhost/client
 	install -D packaging/debian/init/cloud-management $(DESTDIR)/$(SYSCONFDIR)/init.d/$(PACKAGE)-management
 	install -D client/bindir/cloud-update-xenserver-licenses.in $(DESTDIR)/usr/bin/cloud-update-xenserver-licenses
-	install -D server/target/cloud-server-4.2.0-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/$(PACKAGE)-server.jar
+	install -D server/target/cloud-server-$(VERSION)-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/$(PACKAGE)-server.jar
 	ln -s /usr/share/tomcat6/bin $(DESTDIR)/usr/share/$(PACKAGE)-management/bin
 	ln -s ../../..$(SYSCONFDIR)/$(PACKAGE)/management $(DESTDIR)/usr/share/$(PACKAGE)-management/conf
 	ln -s /usr/share/tomcat6/lib $(DESTDIR)/usr/share/$(PACKAGE)-management/lib
@@ -115,7 +115,7 @@ install:
 	install -D client/target/utilities/bin/cloud-set-guest-sshkey $(DESTDIR)/usr/bin
 	install -D client/target/utilities/bin/cloud-setup-databases $(DESTDIR)/usr/bin
 	install -D client/target/utilities/bin/cloud-setup-management $(DESTDIR)/usr/bin
-	install -D services/console-proxy/server/dist/systemvm.iso $(DESTDIR)/usr/share/$(PACKAGE)-common/vms/systemvm.iso
+	install -D client/target/cloud-client-ui-$(VERSION)-SNAPSHOT/WEB-INF/classes/vms/systemvm.iso $(DESTDIR)/usr/share/$(PACKAGE)-common/vms/systemvm.iso
 
 	# cloudstack-python
 	mkdir -p $(DESTDIR)/usr/lib/python2.7/dist-packages
@@ -124,7 +124,10 @@ install:
 	# cloudstack-usage
 	mkdir $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/usage
 	mkdir $(DESTDIR)/var/log/$(PACKAGE)/usage
-	install -D usage/target/cloud-usage-4.2.0-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-usage/lib/$(PACKAGE)-usage.jar
+	mkdir $(DESTDIR)/usr/share/$(PACKAGE)-usage
+	mkdir $(DESTDIR)/usr/share/$(PACKAGE)-usage/plugins
+	install -D usage/target/cloud-usage-$(VERSION)-SNAPSHOT.jar $(DESTDIR)/usr/share/$(PACKAGE)-usage/lib/$(PACKAGE)-usage.jar
+	install -D usage/target/dependencies/* $(DESTDIR)/usr/share/$(PACKAGE)-usage/lib/
 	cp usage/target/transformed/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/usage/
 	ln -s ../management/db.properties $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/usage/db.properties
 	install -D packaging/debian/init/cloud-usage $(DESTDIR)/$(SYSCONFDIR)/init.d/$(PACKAGE)-usage
diff --git a/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeServiceImpl.java b/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeServiceImpl.java
index c019374d9b9..32e7d274f01 100644
--- a/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeServiceImpl.java
+++ b/engine/storage/volume/src/org/apache/cloudstack/storage/volume/VolumeServiceImpl.java
@@ -567,7 +567,6 @@ public class VolumeServiceImpl implements VolumeService {
         
         AsyncCallFuture<VolumeApiResult> future = new AsyncCallFuture<VolumeApiResult>();
         VolumeObject vo = (VolumeObject) volume;
-        vo.stateTransit(Volume.Event.UploadRequested);
 
         CreateVolumeContext<VolumeApiResult> context = new CreateVolumeContext<VolumeApiResult>(null, vo, future);
         AsyncCallbackDispatcher<VolumeServiceImpl, CreateCmdResult> caller = AsyncCallbackDispatcher.create(this);
diff --git a/packaging/centos63/cloud-ipallocator.rc b/packaging/centos63/cloud-ipallocator.rc
index ffeffa342c8..08cf9c88a0f 100755
--- a/packaging/centos63/cloud-ipallocator.rc
+++ b/packaging/centos63/cloud-ipallocator.rc
@@ -30,7 +30,7 @@ whatami=cloud-external-ipallocator
 SHORTNAME="$whatami"
 PIDFILE=/var/run/"$whatami".pid
 LOCKFILE=/var/lock/subsys/"$SHORTNAME"
-LOGFILE=/var/log/cloud/ipallocator/ipallocator.log
+LOGFILE=/var/log/cloudstack/ipallocator/ipallocator.log
 PROGNAME="External IPAllocator"
 
 unset OPTIONS
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index e340dd08c60..16c36020b45 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -78,7 +78,8 @@ Requires: mkisofs
 Requires: MySQL-python
 Requires: python-paramiko
 Requires: ipmitool
-Requires: %{name}-common = %{_ver} 
+Requires: %{name}-common = %{_ver}
+Requires: %{name}-awsapi = %{_ver} 
 Obsoletes: cloud-client < 4.1.0
 Obsoletes: cloud-client-ui < 4.1.0
 Obsoletes: cloud-daemonize < 4.1.0
@@ -145,13 +146,15 @@ Apache CloudStack command line interface
 %package awsapi
 Summary: Apache CloudStack AWS API compatibility wrapper
 Requires: %{name}-management = %{_ver}
+Obsoletes: cloud-aws-api < 4.1.0
+Provides: cloud-aws-api
 %description awsapi
 Apache Cloudstack AWS API compatibility wrapper
 
-%package docs
-Summary: Apache CloudStack documentation
-%description docs
-Apache CloudStack documentations
+#%package docs
+#Summary: Apache CloudStack documentation
+#%description docs
+#Apache CloudStack documentations
 
 %prep
 echo Doing CloudStack build
@@ -316,6 +319,10 @@ if [ "$1" == "1" ] ; then
     /sbin/chkconfig --level 345 cloud-management on > /dev/null 2>&1 || true
 fi
 
+if [ -d "%{_datadir}/%{name}-management" ] ; then
+   ln -s %{_datadir}/%{name}-bridge/webapps %{_datadir}/%{name}-management/webapps7080
+fi
+
 if [ ! -f %{_datadir}/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util ] ; then
     echo Please download vhd-util from http://download.cloud.com.s3.amazonaws.com/tools/vhd-util and put it in 
     echo %{_datadir}/cloudstack-common/scripts/vm/hypervisor/xenserver/
@@ -328,16 +335,14 @@ if getent passwd cloud | grep -q /var/lib/cloud; then
 fi
 
 
-%post awsapi
-if [ -d "%{_datadir}/%{name}-management" ] ; then
-   ln -s %{_datadir}/%{name}-bridge/webapps %{_datadir}/%{name}-management/webapps7080
-fi
+#%post awsapi
+#if [ -d "%{_datadir}/%{name}-management" ] ; then
+#   ln -s %{_datadir}/%{name}-bridge/webapps %{_datadir}/%{name}-management/webapps7080
+#fi
 
 #No default permission as the permission setup is complex
 %files management
 %defattr(-,root,root,-)
-%doc LICENSE
-%doc NOTICE
 %dir %attr(0770,root,cloud) %{_sysconfdir}/%{name}/management/Catalina
 %dir %attr(0770,root,cloud) %{_sysconfdir}/%{name}/management/Catalina/localhost
 %dir %attr(0770,root,cloud) %{_sysconfdir}/%{name}/management/Catalina/localhost/client
@@ -432,9 +437,9 @@ fi
 %doc LICENSE
 %doc NOTICE
 
-%files docs
-%doc LICENSE
-%doc NOTICE
+#%files docs
+#%doc LICENSE
+#%doc NOTICE
 
 %files awsapi
 %defattr(0644,cloud,cloud,0755)
diff --git a/packaging/debian/init/cloud-usage b/packaging/debian/init/cloud-usage
index 3421cd1fbd4..1cc75cc03f8 100755
--- a/packaging/debian/init/cloud-usage
+++ b/packaging/debian/init/cloud-usage
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ### BEGIN INIT INFO
-# Provides:          cloud usage
+# Provides:          cloudstack usage
 # Required-Start:    $network $local_fs
 # Required-Stop:     $network $local_fs
 # Default-Start:     3 4 5
@@ -32,17 +32,15 @@
 
 . /lib/lsb/init-functions
 
-SHORTNAME="cloud-usage"
+SHORTNAME="cloudstack-usage"
 PIDFILE=/var/run/"$SHORTNAME".pid
-LOGFILE=/var/log/cloud/usage/usage-server.log
 PROGNAME="CloudStack Usage Monitor"
 CLASS="com.cloud.usage.UsageServer"
 PROG="jsvc"
 DAEMON="/usr/bin/jsvc"
-USER=@MSUSER@
 
 unset OPTIONS
-[ -r @SYSCONFDIR@/default/"$SHORTNAME" ] && source @SYSCONFDIR@/default/"$SHORTNAME"
+[ -r /etc/default/"$SHORTNAME" ] && source /etc/default/"$SHORTNAME"
 
 # The first existing directory is used for JAVA_HOME (if JAVA_HOME is not defined in $DEFAULT)
 JDK_DIRS="/usr/lib/jvm/java-7-openjdk-amd64 /usr/lib/jvm/java-7-openjdk-i386 /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-openjdk-i386 /usr/lib/jvm/java-6-openjdk-amd64 /usr/lib/jvm/java-6-sun"
@@ -54,14 +52,12 @@ for jdir in $JDK_DIRS; do
 done
 export JAVA_HOME
 
-SCP="@SYSTEMCLASSPATH@"
-DCP="@DEPSCLASSPATH@"
-UCP="@USAGECLASSPATH@"
-JCP="/usr/share/java/commons-daemon.jar"
+UCP=`ls /usr/share/cloudstack-usage/lib/*.jar | tr '\n' ':' | sed s'/.$//'`
+PCP=`ls /usr/share/cloudstack-usage/plugins/*.jar 2>/dev/null | tr '\n' ':' | sed s'/.$//'`
 
 # We need to append the JSVC daemon JAR to the classpath
 # AgentShell implements the JSVC daemon methods
-export CLASSPATH="$SCP:$DCP:$UCP:$JCP:@USAGESYSCONFDIR@"
+export CLASSPATH="/usr/share/java/commons-daemon.jar:$UCP:$PCP:/etc/cloudstack/usage"
 
 start() {
     if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
@@ -79,7 +75,7 @@ start() {
         exit 1
     fi
 
-    if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -user "$USER" -outfile SYSLOG -errfile SYSLOG -Dpid=$$ $CLASS
+    if start_daemon -p $PIDFILE $DAEMON -cp "$CLASSPATH" -pidfile "$PIDFILE" -outfile SYSLOG -errfile SYSLOG -Dpid=$$ $CLASS
         RETVAL=$?
     then
         rc=0
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index 877ab06009d..408264b478a 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -593,9 +593,20 @@ setup_redundant_router() {
     fi
 }
 
+setup_aesni() {
+  if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
+  then
+    modprobe aesni_intel
+    if [ `lsmod | grep aesni_intel | wc -l` -gt 0 ]
+    then
+      echo aesni_intel >> /etc/modules
+    fi
+  fi
+}
+
 setup_router() {
   log_it "Setting up virtual router system vm"
-  
+
   oldmd5=
   [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
   
@@ -643,10 +654,8 @@ setup_router() {
     fi
   fi
   
-  
-  
+  setup_aesni
   setup_dnsmasq
-  
   setup_apache2 $ETH0_IP
 
   sed -i  /gateway/d /etc/hosts
diff --git a/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ b/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ
index 908c0d8f06f..7a980bdfb8c 100755
--- a/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ
+++ b/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ
@@ -22,7 +22,7 @@ then
     lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
     thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
     diff=$(($thistime - $lasttime))
-    if [ $diff -gt 100 ]
+    if [ $diff -lt 30]
     then
         echo Keepalived process is dead! >> [RROUTER_LOG]
         service keepalived stop >> [RROUTER_LOG] 2>&1
diff --git a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
index 293a1a47c19..b3714883964 100755
--- a/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
+++ b/plugins/api/discovery/src/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
@@ -73,6 +73,7 @@ public class ApiDiscoveryServiceImpl implements ApiDiscoveryService {
                 s_logger.debug(String.format("getting api commands of service: %s", service.getClass().getName()));
                 cmdClasses.addAll(service.getCommands());
             }
+            cmdClasses.addAll(this.getCommands());
             cacheResponseMap(cmdClasses);
             long endTime = System.nanoTime();
             s_logger.info("Api Discovery Service: Annotation, docstrings, api relation graph processed in " + (endTime - startTime) / 1000000.0 + " ms");
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
index d350ef994fb..070c1327ba3 100644
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/storage/LibvirtStorageAdaptor.java
@@ -293,58 +293,6 @@ public class LibvirtStorageAdaptor implements StorageAdaptor {
         return parser.parseStorageVolumeXML(volDefXML);
     }
 
-    public StoragePool createFileBasedStoragePool(Connect conn,
-            String localStoragePath, String uuid) {
-        if (!(_storageLayer.exists(localStoragePath) && _storageLayer
-                .isDirectory(localStoragePath))) {
-            return null;
-        }
-
-        File path = new File(localStoragePath);
-        if (!(path.canWrite() && path.canRead() && path.canExecute())) {
-            return null;
-        }
-
-        StoragePool pool = null;
-
-        try {
-            pool = conn.storagePoolLookupByUUIDString(uuid);
-        } catch (LibvirtException e) {
-
-        }
-
-        if (pool == null) {
-            LibvirtStoragePoolDef spd = new LibvirtStoragePoolDef(poolType.DIR,
-                    uuid, uuid, null, null, localStoragePath);
-            try {
-                pool = conn.storagePoolDefineXML(spd.toString(), 0);
-                pool.create(0);
-            } catch (LibvirtException e) {
-                if (pool != null) {
-                    try {
-                        pool.destroy();
-                        pool.undefine();
-                    } catch (LibvirtException e1) {
-                    }
-                    pool = null;
-                }
-                throw new CloudRuntimeException(e.toString());
-            }
-        }
-
-        try {
-            StoragePoolInfo spi = pool.getInfo();
-            if (spi.state != StoragePoolState.VIR_STORAGE_POOL_RUNNING) {
-                pool.create(0);
-            }
-
-        } catch (LibvirtException e) {
-            throw new CloudRuntimeException(e.toString());
-        }
-
-        return pool;
-    }
-
     @Override
     public KVMStoragePool getStoragePool(String uuid) {
         StoragePool storage = null;
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareStorageManagerImpl.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareStorageManagerImpl.java
index 8be76e8fff2..e11dd53f3c9 100644
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareStorageManagerImpl.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareStorageManagerImpl.java
@@ -21,6 +21,7 @@ import java.io.File;
 import java.io.FileOutputStream;
 import java.io.OutputStreamWriter;
 import java.rmi.RemoteException;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -915,7 +916,7 @@ public class VmwareStorageManagerImpl implements VmwareStorageManager {
 
             // wait if there are already VM snapshot task running
             ManagedObjectReference taskmgr = context.getServiceContent().getTaskManager();
-            ManagedObjectReference[] tasks =  (ManagedObjectReference[]) context.getVimClient().getDynamicProperty(taskmgr, "recentTask");
+            List<ManagedObjectReference> tasks = (ArrayList<ManagedObjectReference>)context.getVimClient().getDynamicProperty(taskmgr, "recentTask");
             for (ManagedObjectReference taskMor : tasks) {
                 TaskInfo info = (TaskInfo) (context.getVimClient().getDynamicProperty(taskMor, "info"));
                 if(info.getEntityName().equals(cmd.getVmName()) && info.getName().equalsIgnoreCase("CreateSnapshot_Task")){
@@ -1048,7 +1049,7 @@ public class VmwareStorageManagerImpl implements VmwareStorageManager {
 
             // wait if there are already VM revert task running
             ManagedObjectReference taskmgr = context.getServiceContent().getTaskManager();
-            ManagedObjectReference[] tasks =  (ManagedObjectReference[]) context.getVimClient().getDynamicProperty(taskmgr, "recentTask");
+            List<ManagedObjectReference> tasks = (ArrayList<ManagedObjectReference>)context.getVimClient().getDynamicProperty(taskmgr, "recentTask");
             for (ManagedObjectReference taskMor : tasks) {
                 TaskInfo info = (TaskInfo) (context.getVimClient().getDynamicProperty(taskMor, "info"));
                 if(info.getEntityName().equals(cmd.getVmName()) && info.getName().equalsIgnoreCase("RevertToSnapshot_Task")){
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
index 155d6d9718f..634827b6468 100755
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
@@ -5034,7 +5034,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
                 boolean bRefresh = false;
                 if(firewallMo != null) {
                     HostFirewallInfo firewallInfo = firewallMo.getFirewallInfo();
-                    if(firewallInfo != null) {
+                    if(firewallInfo != null && firewallInfo.getRuleset() != null) {
                         for(HostFirewallRuleset rule : firewallInfo.getRuleset()) {
                             if("vncServer".equalsIgnoreCase(rule.getKey())) {
                                 bRefresh = true;
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 886fc6f04fa..f0cf2f05bf0 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -118,6 +118,7 @@ import com.cloud.agent.api.ModifySshKeysCommand;
 import com.cloud.agent.api.ModifyStoragePoolAnswer;
 import com.cloud.agent.api.ModifyStoragePoolCommand;
 import com.cloud.agent.api.NetworkRulesSystemVmCommand;
+import com.cloud.agent.api.NetworkRulesVmSecondaryIpCommand;
 import com.cloud.agent.api.PingCommand;
 import com.cloud.agent.api.PingRoutingCommand;
 import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
@@ -597,6 +598,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
             return execute((DeleteVMSnapshotCommand)cmd);
         } else if (clazz == RevertToVMSnapshotCommand.class) {
             return execute((RevertToVMSnapshotCommand)cmd);
+        } else if (clazz == NetworkRulesVmSecondaryIpCommand.class) {
+            return execute((NetworkRulesVmSecondaryIpCommand)cmd);
         } else {
             return Answer.createUnsupportedCommandAnswer(cmd);
         }
@@ -1468,7 +1471,18 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
                     for (NicTO nic : nics) {
                         if ( nic.isSecurityGroupEnabled() || nic.getIsolationUri() != null
                                 && nic.getIsolationUri().getScheme().equalsIgnoreCase(IsolationType.Ec2.toString())) {
-                            result = callHostPlugin(conn, "vmops", "default_network_rules", "vmName", vmName, "vmIP", nic.getIp(), "vmMAC", nic.getMac(), "vmID", Long.toString(vmSpec.getId()));
+                            List<String> nicSecIps = nic.getNicSecIps();
+                            String secIpsStr;
+                            StringBuilder sb = new StringBuilder();
+                            if (nicSecIps != null) {
+                                for (String ip : nicSecIps) {
+                                    sb.append(ip).append(":");
+                                }
+                                secIpsStr = sb.toString();
+                            } else {
+                                secIpsStr = "0:";
+                            }
+                            result = callHostPlugin(conn, "vmops", "default_network_rules", "vmName", vmName, "vmIP", nic.getIp(), "vmMAC", nic.getMac(), "vmID", Long.toString(vmSpec.getId()), "secIps", secIpsStr);
 
                             if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
                                 s_logger.warn("Failed to program default network rules for " + vmName+" on nic with ip:"+nic.getIp()+" mac:"+nic.getMac());
@@ -5454,7 +5468,8 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
                 "signature", cmd.getSignature(),
                 "seqno", Long.toString(cmd.getSeqNum()),
                 "deflated", "true",
-                "rules", cmd.compressStringifiedRules());
+                "rules", cmd.compressStringifiedRules(),
+                "secIps", cmd.getSecIpsString());
 
         if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
             s_logger.warn("Failed to program network rules for vm " + cmd.getVmName());
@@ -7506,6 +7521,19 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
         return new Answer(cmd, success, "");
     }
 
+    private Answer execute(NetworkRulesVmSecondaryIpCommand cmd) {
+        boolean success = true;
+        Connection conn = getConnection();
+
+        String result = callHostPlugin(conn, "vmops", "network_rules_vmSecondaryIp", "vmName", cmd.getVmName(), "vmMac", cmd.getVmMac(), "vmSecIp", cmd.getVmSecIp(), "action",
+                cmd.getAction());
+        if (result == null || result.isEmpty() || !Boolean.parseBoolean(result)) {
+            success = false;
+        }
+
+        return new Answer(cmd, success, "");
+    }
+
     protected SetFirewallRulesAnswer execute(SetFirewallRulesCommand cmd) {
         String[] results = new String[cmd.getRules().length];
         String callResult;
diff --git a/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java b/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java
index 8f902df703f..c1c735aa270 100644
--- a/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java
+++ b/plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java
@@ -638,14 +638,11 @@ StaticNatServiceProvider {
 
     @Override
     public IpDeployer getIpDeployer(Network network) {
-        ExternalLoadBalancerDeviceVO lbDevice = getExternalLoadBalancerForNetwork(network);
-        if (lbDevice == null) {
-            s_logger.error("Cannot find external load balanacer for network " + network.getName());
-            return null;
-        }
+
         if (_networkMgr.isNetworkInlineMode(network)) {
             return getIpDeployerForInlineMode(network);
         }
+
         return this;
     }
 
diff --git a/scripts/storage/qcow2/resizevolume.sh b/scripts/storage/qcow2/resizevolume.sh
index d15513e250f..6a5c91d9dd6 100755
--- a/scripts/storage/qcow2/resizevolume.sh
+++ b/scripts/storage/qcow2/resizevolume.sh
@@ -68,7 +68,7 @@ log() {
 
   if [ $shouldwelog -eq 1 ]
   then
-    echo "$d - $1" >> /var/log/cloud/agent/resizevolume.log
+    echo "$d - $1" >> /var/log/cloudstack/agent/resizevolume.log
   fi
 }
 
@@ -237,7 +237,7 @@ do
   esac
 done
 
-shouldwelog=1 #set this to 1 while debugging to get output in /var/log/cloud/agent/resizevolume.log
+shouldwelog=1 #set this to 1 while debugging to get output in /var/log/cloudstack/agent/resizevolume.log
 
 if [ "$ptype" == "CLVM" ]
 then
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index db6f6d63ac9..31c9a59663e 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -610,6 +610,7 @@ def destroy_network_rules_for_vm(session, args):
         util.SMlog("Ignoring failure to delete egress chain " + vmchain_egress)
     
     remove_rule_log_for_vm(vm_name)
+    remove_secip_log_for_vm(vm_name)
     
     if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-', 'l-'] ]:
         return 'true'
@@ -749,6 +750,43 @@ def default_arp_antispoof(vm_chain, vifs, vm_ip, vm_mac):
 
     return 'true'
 
+
+@echo
+def network_rules_vmSecondaryIp(session, args):
+    vm_name = args.pop('vmName')
+    vm_mac = args.pop('vmMac')
+    ip_secondary = args.pop('vmSecIp')
+    action = args.pop('action')
+    util.SMlog("vmMac = "+ vm_mac)
+    util.SMlog("vmName = "+ vm_name)
+    #action = "-A"
+    util.SMlog("action = "+ action)
+    try:
+        vm = session.xenapi.VM.get_by_name_label(vm_name)
+        if len(vm) != 1:
+             return 'false'
+        vm_rec = session.xenapi.VM.get_record(vm[0])
+        vm_vifs = vm_rec.get('VIFs')
+        vifnums = [session.xenapi.VIF.get_record(vif).get('device') for vif in vm_vifs]
+        domid = vm_rec.get('domid')
+    except:
+        util.SMlog("### Failed to get domid or vif list for vm  ##" + vm_name)
+        return 'false'
+
+    if domid == '-1':
+        util.SMlog("### Failed to get domid for vm (-1):  " + vm_name)
+        return 'false'
+
+    vifs = ["vif" + domid + "." + v for v in vifnums]
+    #vm_name =  '-'.join(vm_name.split('-')[:-1])
+    vmchain = chain_name(vm_name)
+    add_to_ipset(vmchain, [ip_secondary], action)
+
+    #add arptables rules for the secondary ip
+    arp_rules_vmip(vmchain, vifs, [ip_secondary], vm_mac, action)
+
+    return 'true'
+
 @echo
 def default_network_rules_systemvm(session, args):
     vm_name = args.pop('vmName')
@@ -798,6 +836,55 @@ def default_network_rules_systemvm(session, args):
         util.SMlog("Failed to log default network rules for systemvm, ignoring")
     return 'true'
 
+@echo
+def create_ipset_forvm (ipsetname):
+    result = True
+    try:
+        util.SMlog("Creating ipset chain .... " + ipsetname)
+        util.pread2(['ipset', '-F', ipsetname])
+        util.pread2(['ipset', '-X', ipsetname])
+        util.pread2(['ipset', '-N', ipsetname, 'iphash'])
+    except:
+        util.SMlog("ipset chain not exists creating.... " + ipsetname)
+        util.pread2(['ipset', '-N', ipsetname, 'iphash'])
+
+    return result
+
+@echo
+def add_to_ipset(ipsetname, ips, action):
+    result = True
+    for ip in ips:
+        try:
+            util.SMlog("vm ip " + ip)
+            util.pread2(['ipset', action, ipsetname, ip])
+        except:
+            util.SMlog("vm ip alreday in ip set" + ip)
+            continue
+
+    return result
+
+@echo
+def arp_rules_vmip (vm_chain, vifs, ips, vm_mac, action):
+    try:
+        if action == "-A":
+            action = "-I"
+        for vif in vifs:
+            for vm_ip in ips:
+                #accept any arp requests to this vm as long as the request is for this vm's ip
+                util.pread2(['arptables',  action, vm_chain, '-o', vif, '--opcode', 'Request', '--destination-ip', vm_ip, '-j', 'ACCEPT'])
+                #accept any arp replies to this vm as long as the mac and ip matches
+                util.pread2(['arptables',  action, vm_chain, '-o', vif, '--opcode', 'Reply', '--destination-mac', vm_mac, '--destination-ip', vm_ip, '-j', 'ACCEPT'])
+                #accept arp replies into the bridge as long as the source mac and ips match the vm
+                util.pread2(['arptables',  action, vm_chain, '-i', vif, '--opcode', 'Reply', '--source-mac',  vm_mac, '--source-ip',  vm_ip, '-j', 'ACCEPT'])
+                #accept any arp requests from this vm. In the future this can be restricted to deny attacks on hosts
+                #also important to restrict source ip and src mac in these requests as they can be used to update arp tables on destination
+                util.pread2(['arptables',  action, vm_chain, '-i', vif, '--opcode', 'Request',  '--source-mac',  vm_mac, '--source-ip',  vm_ip, '-j', 'RETURN'])
+    except:
+        util.SMlog("Failed to program arptables  rules for ip")
+        return 'false'
+
+    return 'true'
+
 
 @echo
 def default_network_rules(session, args):
@@ -805,6 +892,8 @@ def default_network_rules(session, args):
     vm_ip = args.pop('vmIP')
     vm_id = args.pop('vmID')
     vm_mac = args.pop('vmMAC')
+    sec_ips = args.pop("secIps")
+    action = "-A"
     
     try:
         vm = session.xenapi.VM.get_by_name_label(vm_name)
@@ -854,6 +943,32 @@ def default_network_rules(session, args):
     except:
         util.pread2(['iptables', '-F', vmchain_default])        
 
+    vmipset = vm_name
+    #create ipset and add vm ips to that ip set
+    if create_ipset_forvm(vmipset) == False:
+       util.SMlog(" failed to create ipset for rule " + str(tokens))
+       return 'false'
+
+    #add primary nic ip to ipset
+    if add_to_ipset(vmipset, [vm_ip], action ) == False:
+       util.SMlog(" failed to add vm " + vm_ip + " ip to set ")
+       return 'false'
+
+    #add secodnary nic ips to ipset
+    secIpSet = "1"
+    ips = sec_ips.split(':')
+    ips.pop()
+    if ips[0] == "0":
+        secIpSet = "0";
+
+    if secIpSet == "1":
+        util.SMlog("Adding ipset for secondary ips")
+        add_to_ipset(vmipset, ips, action)
+        if write_secip_log_for_vm(vm_name, sec_ips, vm_id) == False:
+            util.SMlog("Failed to log default network rules, ignoring")
+
+    keyword = '--' + get_ipset_keyword()
+
     try:
         for v in vifs:
             util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default])
@@ -861,16 +976,22 @@ def default_network_rules(session, args):
 
         #don't let vm spoof its ip address
         for v in vifs:
-            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '--source', vm_ip,'-p', 'udp', '--dport', '53', '-j', 'RETURN'])
-            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '--source', '!', vm_ip, '-j', 'DROP'])
-            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '--destination', '!', vm_ip, '-j', 'DROP'])
-            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '--source', vm_ip, '-j', vmchain_egress])
+            #util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '--source', vm_ip,'-p', 'udp', '--dport', '53', '-j', 'RETURN'])
+            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-m', 'set', keyword, vmipset, 'src', '-p', 'udp', '--dport', '53', '-j', 'RETURN'])
+            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-m', 'set', '!', keyword, vmipset, 'src', '-j', 'DROP'])
+            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-m', 'set', '!', keyword, vmipset, 'dst', '-j', 'DROP'])
+            util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-m', 'set', keyword, vmipset, 'src', '-j', vmchain_egress])
             util.pread2(['iptables', '-A', vmchain_default, '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v,  '-j', vmchain])
     except:
         util.SMlog("Failed to program default rules for vm " + vm_name)
         return 'false'
     
     default_arp_antispoof(vmchain, vifs, vm_ip, vm_mac)
+    #add default arp rules for secondary ips;
+    if secIpSet == "1":
+        util.SMlog("Adding arp rules for sec ip")
+        arp_rules_vmip(vmchain, vifs, ips, vm_mac, action)
+
     default_ebtables_antispoof_rules(vmchain, vifs, vm_ip, vm_mac)
     
     if write_rule_log_for_vm(vm_name, vm_id, vm_ip, domid, '_initial_', '-1', vm_mac) == False:
@@ -994,10 +1115,45 @@ def network_rules_for_rebooted_vm(session, vmName):
     destroy_arptables_rules(vmchain)
     [vm_ip, vm_mac] = get_vm_mac_ip_from_log(vmchain)
     default_arp_antispoof(vmchain, vifs, vm_ip, vm_mac)
+
+    #check wether the vm has secondary ips
+    if is_secondary_ips_set(vm_name) == True:
+        vmips = get_vm_sec_ips(vm_name)
+        #add arp rules for the secondaryp ip
+        for ip in vmips:
+            arp_rules_vmip(vmchain, vifs, [ip], vm_mac, "-A")
+
+
     default_ebtables_antispoof_rules(vmchain, vifs, vm_ip, vm_mac)
     rewrite_rule_log_for_vm(vm_name, curr_domid)
     return True
 
+
+
+@echo
+def get_vm_sec_ips(vm_name):
+    logfilename = "/var/run/cloud/" + vm_name +".ip"
+
+    lines = (line.rstrip() for line in open(logfilename))
+    for line in lines:
+        try:
+            [_vmName,_vmIP,_vmID] = line.split(',')
+            break
+        except ValueError,v:
+            [_vmName,_vmIP,_vmID] = line.split(',')
+
+    _vmIPS = _vmIP.split(":")[:-1]
+    return _vmIPS
+
+@echo
+def is_secondary_ips_set(vm_name):
+    logfilename = "/var/run/cloud/" + vm_name +".ip"
+    if not os.path.exists(logfilename):
+        return False
+
+    return True
+
+@echo
 def rewrite_rule_log_for_vm(vm_name, new_domid):
     logfilename = "/var/run/cloud/" + vm_name +".log"
     if not os.path.exists(logfilename):
@@ -1194,6 +1350,39 @@ def check_rule_log_for_vm(vmName, vmID, vmIP, domID, signature, seqno):
         
     return [reprogramDefault, reprogramChain, rewriteLog]
     
+@echo
+def write_secip_log_for_vm (vmName, secIps, vmId):
+    vm_name = vmName
+    logfilename = "/var/run/cloud/"+vm_name+".ip"
+    util.SMlog("Writing log to " + logfilename)
+    logf = open(logfilename, 'w')
+    output = ','.join([vmName, secIps, vmId])
+    result = True
+
+    try:
+        logf.write(output)
+        logf.write('\n')
+    except:
+        util.SMlog("Failed to write to rule log file " + logfilename)
+        result = False
+
+    logf.close()
+
+    return result
+
+@echo
+def remove_secip_log_for_vm(vmName):
+    vm_name = vmName
+    logfilename = "/var/run/cloud/"+vm_name+".ip"
+
+    result = True
+    try:
+        os.remove(logfilename)
+    except:
+        util.SMlog("Failed to delete rule log file " + logfilename)
+        result = False
+
+    return result
 
 @echo
 def write_rule_log_for_vm(vmName, vmID, vmIP, domID, signature, seqno, vmMac='ff:ff:ff:ff:ff:ff'):
@@ -1289,6 +1478,7 @@ def network_rules(session, args):
     vm_mac = args.get('vmMAC')
     signature = args.pop('signature')
     seqno = args.pop('seqno')
+    sec_ips = args.pop("secIps")
     deflated = 'false'
     if 'deflated' in args:
         deflated = args.pop('deflated')
@@ -1469,6 +1659,7 @@ if __name__ == "__main__":
                             "can_bridge_firewall":can_bridge_firewall, "default_network_rules":default_network_rules,
                             "destroy_network_rules_for_vm":destroy_network_rules_for_vm, 
                             "default_network_rules_systemvm":default_network_rules_systemvm, 
+                            "network_rules_vmSecondaryIp":network_rules_vmSecondaryIp,
                             "get_rule_logs_for_vms":get_rule_logs_for_vms, 
                             "setLinkLocalIP":setLinkLocalIP,
                             "cleanup_rules":cleanup_rules,
diff --git a/scripts/vm/network/security_group.py b/scripts/vm/network/security_group.py
index 83d7ad13c86..ed4180a508e 100755
--- a/scripts/vm/network/security_group.py
+++ b/scripts/vm/network/security_group.py
@@ -797,7 +797,7 @@ def addFWFramework(brname):
         return False
             
 if __name__ == '__main__':
-    logging.basicConfig(filename="/var/log/cloud/security_group.log", format="%(asctime)s - %(message)s", level=logging.DEBUG)
+    logging.basicConfig(filename="/var/log/cloudstack/agent/security_group.log", format="%(asctime)s - %(message)s", level=logging.DEBUG)
     parser = OptionParser()
     parser.add_option("--vmname", dest="vmName")
     parser.add_option("--vmip", dest="vmIP")
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index fbfc9554111..2546f292883 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -184,6 +184,7 @@ import com.cloud.vm.ConsoleProxyVO;
 import com.cloud.vm.InstanceGroup;
 import com.cloud.vm.Nic;
 import com.cloud.vm.NicProfile;
+import com.cloud.vm.NicVO;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.NicSecondaryIp;
 import com.cloud.vm.VirtualMachine;
@@ -3447,9 +3448,11 @@ public class ApiResponseHelper implements ResponseGenerator {
 
     public NicSecondaryIpResponse createSecondaryIPToNicResponse(String ipAddr, Long nicId, Long networkId) {
         NicSecondaryIpResponse response = new NicSecondaryIpResponse();
+        NicVO nic = _entityMgr.findById(NicVO.class, nicId);
+        NetworkVO network = _entityMgr.findById(NetworkVO.class, networkId);
         response.setIpAddr(ipAddr);
-        response.setNicId(nicId);
-        response.setNwId(networkId);
+        response.setNicId(nic.getUuid());
+        response.setNwId(network.getUuid());
         response.setObjectName("nicsecondaryip");
         return response;
     }
@@ -3465,7 +3468,7 @@ public class ApiResponseHelper implements ResponseGenerator {
                 List<NicSecondaryIpResponse> ipList = new ArrayList<NicSecondaryIpResponse>();
                 for (NicSecondaryIpVO ip: secondaryIps) {
                     NicSecondaryIpResponse ipRes = new NicSecondaryIpResponse();
-                    ipRes.setId(ip.getId());
+                    ipRes.setId(ip.getUuid());
                     ipRes.setIpAddr(ip.getIp4Address());
                     ipList.add(ipRes);
                 }
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index deb5e12f9fc..0439c6e2cc9 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -327,10 +327,12 @@ public class ApiServer implements HttpRequestHandler, ApiServerService {
                     }
                     String[] value = (String[]) params.get(key);
                     // fail if parameter value contains ASCII control (non-printable) characters
-                    String newValue = StringUtils.stripControlCharacters(value[0]);
-                    if ( !newValue.equals(value[0]) ) {
-                        throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter "
-                                + key + " is invalid, contains illegal ASCII non-printable characters");
+                    if (value[0] != null) {
+                        String newValue = StringUtils.stripControlCharacters(value[0]);
+                        if ( !newValue.equals(value[0]) ) {
+                            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Received value " + value[0] + " for parameter "
+                                    + key + " is invalid, contains illegal ASCII non-printable characters");
+                        }
                     }
                     paramMap.put(key, value[0]);
                 }
diff --git a/server/src/com/cloud/api/query/dao/ProjectInvitationJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/ProjectInvitationJoinDaoImpl.java
index ca0f171dd1a..1dfed3421bb 100644
--- a/server/src/com/cloud/api/query/dao/ProjectInvitationJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/ProjectInvitationJoinDaoImpl.java
@@ -56,7 +56,9 @@ public class ProjectInvitationJoinDaoImpl extends GenericDaoBase<ProjectInvitati
         response.setId(invite.getUuid());
         response.setProjectId(invite.getProjectUuid());
         response.setProjectName(invite.getProjectName());
-        response.setInvitationState(invite.getState().toString());
+        if (invite.getState() != null) {
+            response.setInvitationState(invite.getState().toString());
+        }
 
         if (invite.getAccountName() != null) {
             response.setAccountName(invite.getAccountName());
diff --git a/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java b/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
index a60c9370530..f6e67609c79 100644
--- a/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/ProjectInvitationJoinVO.java
@@ -25,8 +25,9 @@ import javax.persistence.Enumerated;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
+import com.cloud.projects.ProjectInvitation.State;
 import com.cloud.utils.db.GenericDao;
-import com.cloud.vm.VirtualMachine.State;
+
 
 @Entity
 @Table(name="project_invitation_view")
diff --git a/server/src/com/cloud/baremetal/BareMetalTemplateAdapter.java b/server/src/com/cloud/baremetal/BareMetalTemplateAdapter.java
deleted file mode 100755
index d902dc4dbfd..00000000000
--- a/server/src/com/cloud/baremetal/BareMetalTemplateAdapter.java
+++ /dev/null
@@ -1,217 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.baremetal;
-
-import java.util.Date;
-import java.util.List;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
-import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
-import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import com.cloud.configuration.Resource.ResourceType;
-import com.cloud.dc.DataCenterVO;
-import com.cloud.event.EventTypes;
-import com.cloud.event.UsageEventUtils;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.host.Host;
-import com.cloud.host.HostVO;
-import com.cloud.host.dao.HostDao;
-import com.cloud.resource.ResourceManager;
-import com.cloud.storage.TemplateProfile;
-import com.cloud.storage.VMTemplateHostVO;
-import com.cloud.storage.VMTemplateVO;
-import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
-import com.cloud.storage.VMTemplateZoneVO;
-import com.cloud.template.TemplateAdapter;
-import com.cloud.template.TemplateAdapterBase;
-import com.cloud.user.Account;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.exception.CloudRuntimeException;
-
-@Local(value=TemplateAdapter.class)
-public class BareMetalTemplateAdapter extends TemplateAdapterBase implements TemplateAdapter {
-	private final static Logger s_logger = Logger.getLogger(BareMetalTemplateAdapter.class);
-	@Inject HostDao _hostDao;
-	@Inject ResourceManager _resourceMgr;
-
-	@Override
-    public String getName() {
-        return TemplateAdapterType.BareMetal.getName();
-    }
-
-	@Override
-	public TemplateProfile prepare(RegisterTemplateCmd cmd) throws ResourceAllocationException {
-		TemplateProfile profile = super.prepare(cmd);
-
-		if (profile.getZoneId() == null || profile.getZoneId() == -1) {
-			List<DataCenterVO> dcs = _dcDao.listAllIncludingRemoved();
-			for (DataCenterVO dc : dcs) {
-				List<HostVO> pxeServers = _resourceMgr.listAllHostsInOneZoneByType(Host.Type.PxeServer, dc.getId());
-				if (pxeServers.size() == 0) {
-					throw new CloudRuntimeException("Please add PXE server before adding baremetal template in zone " + dc.getName());
-				}
-			}
-		} else {
-			List<HostVO> pxeServers = _resourceMgr.listAllHostsInOneZoneByType(Host.Type.PxeServer, profile.getZoneId());
-			if (pxeServers.size() == 0) {
-				throw new CloudRuntimeException("Please add PXE server before adding baremetal template in zone " + profile.getZoneId());
-			}
-		}
-
-		return profile;
-	}
-
-	@Override
-	public TemplateProfile prepare(RegisterIsoCmd cmd) throws ResourceAllocationException {
-		throw new CloudRuntimeException("Baremetal doesn't support ISO template");
-	}
-
-	private void templateCreateUsage(VMTemplateVO template, HostVO host) {
-		if (template.getAccountId() != Account.ACCOUNT_ID_SYSTEM) {
-            UsageEventUtils.publishUsageEvent(EventTypes.EVENT_TEMPLATE_CREATE, template.getAccountId(), host.getDataCenterId(),
-                    template.getId(), template.getName(), null, template.getSourceTemplateId(), 0L,
-                    template.getClass().getName(), template.getUuid());
-		}
-	}
-
-	@Override
-	public VMTemplateVO create(TemplateProfile profile) {
-		VMTemplateVO template = persistTemplate(profile);
-		Long zoneId = profile.getZoneId();
-
-		/* There is no secondary storage vm for baremetal, we use pxe server id.
-		 * Tempalte is not bound to pxeserver right now, and we assume the pxeserver
-		 * cannot be removed once it was added. so we use host id of first found pxe
-		 * server as reference in template_host_ref.
-		 * This maybe a FIXME in future.
-		 */
-		VMTemplateHostVO vmTemplateHost = null;
-		if (zoneId == null || zoneId == -1) {
-			List<DataCenterVO> dcs = _dcDao.listAllIncludingRemoved();
-			for (DataCenterVO dc : dcs) {
-				HostVO pxe = _resourceMgr.listAllHostsInOneZoneByType(Host.Type.PxeServer, dc.getId()).get(0);
-
-				vmTemplateHost = _tmpltHostDao.findByHostTemplate(dc.getId(), template.getId());
-				if (vmTemplateHost == null) {
-					vmTemplateHost = new VMTemplateHostVO(pxe.getId(), template.getId(), new Date(), 100,
-							Status.DOWNLOADED, null, null, null, null, template.getUrl());
-					_tmpltHostDao.persist(vmTemplateHost);
-					templateCreateUsage(template, pxe);
-				}
-			}
-		} else {
-			HostVO pxe = _resourceMgr.listAllHostsInOneZoneByType(Host.Type.PxeServer, zoneId).get(0);
-			vmTemplateHost = new VMTemplateHostVO(pxe.getId(), template.getId(), new Date(), 100,
-					Status.DOWNLOADED, null, null, null, null, template.getUrl());
-			_tmpltHostDao.persist(vmTemplateHost);
-			templateCreateUsage(template, pxe);
-		}
-
-		_resourceLimitMgr.incrementResourceCount(profile.getAccountId(), ResourceType.template);
-		return template;
-	}
-
-	public TemplateProfile prepareDelete(DeleteIsoCmd cmd) {
-		throw new CloudRuntimeException("Baremetal doesn't support ISO, how the delete get here???");
-	}
-
-	@Override @DB
-	public boolean delete(TemplateProfile profile) {
-		VMTemplateVO template = (VMTemplateVO)profile.getTemplate();
-    	Long templateId = template.getId();
-    	boolean success = true;
-    	String zoneName;
-    	boolean isAllZone;
-
-    	if (!template.isCrossZones() && profile.getZoneId() != null) {
-    		isAllZone = false;
-    		zoneName = profile.getZoneId().toString();
-    	} else {
-    		zoneName = "all zones";
-    		isAllZone = true;
-    	}
-
-    	s_logger.debug("Attempting to mark template host refs for template: " + template.getName() + " as destroyed in zone: " + zoneName);
-    	Account account = _accountDao.findByIdIncludingRemoved(template.getAccountId());
-    	String eventType = EventTypes.EVENT_TEMPLATE_DELETE;
-    	List<VMTemplateHostVO> templateHostVOs = _tmpltHostDao.listByTemplateId(templateId);
-
-		for (VMTemplateHostVO vo : templateHostVOs) {
-			VMTemplateHostVO lock = null;
-			try {
-				HostVO pxeServer = _hostDao.findById(vo.getHostId());
-				if (!isAllZone && pxeServer.getDataCenterId() != profile.getZoneId()) {
-					continue;
-				}
-
-				lock = _tmpltHostDao.acquireInLockTable(vo.getId());
-				if (lock == null) {
-					s_logger.debug("Failed to acquire lock when deleting templateHostVO with ID: " + vo.getId());
-					success = false;
-					break;
-				}
-
-				vo.setDestroyed(true);
-				_tmpltHostDao.update(vo.getId(), vo);
-				VMTemplateZoneVO templateZone = _tmpltZoneDao.findByZoneTemplate(pxeServer.getDataCenterId(), templateId);
-				if (templateZone != null) {
-					_tmpltZoneDao.remove(templateZone.getId());
-				}
-
-                UsageEventUtils.publishUsageEvent(eventType, account.getId(), pxeServer.getDataCenterId(),
-                        templateId, null, template.getClass().getName(), template.getUuid());
-			} finally {
-				if (lock != null) {
-					_tmpltHostDao.releaseFromLockTable(lock.getId());
-				}
-			}
-		}
-
-    	s_logger.debug("Successfully marked template host refs for template: " + template.getName() + " as destroyed in zone: " + zoneName);
-
-    	// If there are no more non-destroyed template host entries for this template, delete it
-		if (success && (_tmpltHostDao.listByTemplateId(templateId).size() == 0)) {
-			long accountId = template.getAccountId();
-
-			VMTemplateVO lock = _tmpltDao.acquireInLockTable(templateId);
-
-			try {
-				if (lock == null) {
-					s_logger.debug("Failed to acquire lock when deleting template with ID: " + templateId);
-					success = false;
-				} else if (_tmpltDao.remove(templateId)) {
-					// Decrement the number of templates
-				    _resourceLimitMgr.decrementResourceCount(accountId, ResourceType.template);
-				}
-
-			} finally {
-				if (lock != null) {
-					_tmpltDao.releaseFromLockTable(lock.getId());
-				}
-			}
-			s_logger.debug("Removed template: " + template.getName() + " because all of its template host refs were marked as destroyed.");
-		}
-
-    	return success;
-	}
-}
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index 7f449dec60e..b1ad6b7fb9d 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -252,17 +252,19 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
     // FIXME - why don't we have interface for DataCenterLinkLocalIpAddressDao?
     @Inject protected DataCenterLinkLocalIpAddressDao _LinkLocalIpAllocDao;
 
-    private int _maxVolumeSizeInGb;
-    private long _defaultPageSize;
+    private int _maxVolumeSizeInGb = Integer.parseInt(Config.MaxVolumeSize.getDefaultValue());
+    private long _defaultPageSize = Long.parseLong(Config.DefaultPageSize.getDefaultValue());
     protected Set<String> configValuesForValidation;
 
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
-        String maxVolumeSizeInGbString = _configDao.getValue("storage.max.volume.size");
-        _maxVolumeSizeInGb = NumbersUtil.parseInt(maxVolumeSizeInGbString, 2000);
+        String maxVolumeSizeInGbString = _configDao.getValue(Config.MaxVolumeSize.key());
+        _maxVolumeSizeInGb = NumbersUtil.parseInt(maxVolumeSizeInGbString, 
+        	Integer.parseInt(Config.MaxVolumeSize.getDefaultValue()));
 
-        String defaultPageSizeString = _configDao.getValue("default.page.size");
-        _defaultPageSize = NumbersUtil.parseLong(defaultPageSizeString, 500L);
+        String defaultPageSizeString = _configDao.getValue(Config.DefaultPageSize.key());
+        _defaultPageSize = NumbersUtil.parseLong(defaultPageSizeString, 
+        	Long.parseLong(Config.DefaultPageSize.getDefaultValue()));
 
         populateConfigValuesForValidationSet();
         return true;
diff --git a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java
index efe93966fe9..d77796da300 100644
--- a/server/src/com/cloud/hypervisor/HypervisorGuruBase.java
+++ b/server/src/com/cloud/hypervisor/HypervisorGuruBase.java
@@ -34,6 +34,7 @@ import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.VirtualMachineProfile;
 import com.cloud.vm.dao.NicDao;
+import com.cloud.vm.dao.NicSecondaryIpDao;
 import com.cloud.vm.dao.VMInstanceDao;
 
 public abstract class HypervisorGuruBase extends AdapterBase implements HypervisorGuru {
@@ -41,7 +42,8 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis
 	@Inject VMTemplateDetailsDao _templateDetailsDao;
     @Inject NicDao _nicDao;
     @Inject VMInstanceDao _virtualMachineDao;
-	
+    @Inject NicSecondaryIpDao _nicSecIpDao;
+
     protected HypervisorGuruBase() {
         super();
     }
@@ -68,6 +70,14 @@ public abstract class HypervisorGuruBase extends AdapterBase implements Hypervis
         // Workaround to make sure the TO has the UUID we need for Niciri integration
         NicVO nicVO = _nicDao.findById(profile.getId());
         to.setUuid(nicVO.getUuid());
+        //check whether the this nic has secondary ip addresses set
+        //set nic secondary ip address in NicTO which are used for security group
+        // configuration. Use full when vm stop/start
+        List <String> secIps = null;
+        if (nicVO.getSecondaryIp()) {
+            secIps = _nicSecIpDao.getSecondaryIpAddressesForNic(nicVO.getId());
+        }
+        to.setNicSecIps(secIps);
         return to;
     }
 
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index 8b6bf9a7402..48e017edabd 100755
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -21,6 +21,8 @@ import java.util.Map;
 
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import com.cloud.dc.DataCenter;
+import com.cloud.dc.DataCenterVO;
+import com.cloud.dc.Pod;
 import com.cloud.dc.Vlan.VlanType;
 import com.cloud.deploy.DataCenterDeployment;
 import com.cloud.deploy.DeployDestination;
@@ -339,8 +341,9 @@ public interface NetworkManager  {
      public String allocateGuestIP(Account ipOwner, boolean isSystem, long zoneId, Long networkId, String requestedIp)
      throws InsufficientAddressCapacityException;
 
-     boolean removeVmSecondaryIps(long vmId);
 
     List<? extends Nic> listVmNics(Long vmId, Long nicId);
+    String allocatePublicIpForGuestNic(Long networkId, DataCenter dc, Pod pod, Account caller, String requestedIp) throws InsufficientAddressCapacityException;
+    boolean removeVmSecondaryIpsOfNic(long nicId);
 
 }
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index ba5ab5d378b..3220c9174eb 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -1765,12 +1765,8 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
         _nicDao.remove(nic.getId());
         s_logger.debug("Removed nic id=" + nic.getId());
         //remove the secondary ip addresses corresponding to to this nic
-        List<NicSecondaryIpVO> secondaryIps = _nicSecondaryIpDao.listByNicId(nic.getId());
-        if (secondaryIps != null) {
-            for (NicSecondaryIpVO ip : secondaryIps) {
-                _nicSecondaryIpDao.remove(ip.getId());
-            }
-            s_logger.debug("Removed nic " + nic.getId() + " secondary ip addreses");
+        if (!removeVmSecondaryIpsOfNic(nic.getId())) {
+            s_logger.debug("Removing nic " + nic.getId() + " secondary ip addreses failed");
         }
     }
 
@@ -2835,7 +2831,6 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
 
         _accountMgr.checkAccess(caller, null, false, network);
 
-        //return acquireGuestIpAddress(network, requestedIp);
         ipaddr = acquireGuestIpAddress(network, requestedIp);
         return ipaddr;
     }
@@ -3654,11 +3649,11 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
         return nic.getSecondaryIp();
     }
 
-        @Override
-        public boolean removeVmSecondaryIps(long vmId) {
+         @Override
+        public boolean removeVmSecondaryIpsOfNic(long nicId) {
            Transaction txn = Transaction.currentTxn();
            txn.start();
-           List <NicSecondaryIpVO> ipList = _nicSecondaryIpDao.listByVmId(vmId);
+           List <NicSecondaryIpVO> ipList = _nicSecondaryIpDao.listByNicId(nicId);
            if (ipList != null) {
                for (NicSecondaryIpVO ip: ipList) {
                    _nicSecondaryIpDao.remove(ip.getId());
@@ -3669,4 +3664,16 @@ public class NetworkManagerImpl extends ManagerBase implements NetworkManager, L
            return true;
         }
 
-}
+        @Override
+        public String allocatePublicIpForGuestNic(Long networkId, DataCenter dc, Pod pod,Account owner,
+                String requestedIp) throws InsufficientAddressCapacityException {
+            PublicIp ip = assignPublicIpAddress(dc.getId(), null, owner, VlanType.DirectAttached, networkId, requestedIp, false);
+            if (ip == null) {
+                s_logger.debug("There is no free public ip address");
+                return null;
+            }
+            Ip ipAddr = ip.getAddress();
+            return ipAddr.addr();
+        }
+
+ }
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index e83c0d28ad4..46790b3ebdc 100644
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -742,7 +742,7 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
 
     @Override
     public Nic getNicInNetwork(long vmId, long networkId) {
-        return _nicDao.findByInstanceIdAndNetworkId(networkId, vmId);
+        return _nicDao.findByInstanceIdAndNetworkIdIncludingRemoved(networkId, vmId);
     }
 
     @Override
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 821aa6db26f..52e81e5c8c8 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -517,8 +517,45 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
             } catch (InsufficientAddressCapacityException e) {
                 throw new InvalidParameterValueException("Allocating guest ip for nic failed");
             }
+        } else if (dc.getNetworkType() == NetworkType.Basic) {
+            Account caller = UserContext.current().getCaller();
+            long callerUserId = UserContext.current().getCallerUserId();
+            _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+            //handle the basic networks here
+            VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId());
+            if (vm == null) {
+                throw new InvalidParameterValueException("There is no vm with the nic");
+            }
+            VMInstanceVO vmi = (VMInstanceVO)vm;
+            Long podId = vmi.getPodIdToDeployIn();
+            if (podId == null) {
+                throw new InvalidParameterValueException("vm pod id is null");
+            }
+            Pod pod = _hostPodDao.findById(podId);
+            if (pod == null) {
+                throw new InvalidParameterValueException("vm pod is null");
+            }
+
+            try {
+                ipaddr = _networkMgr.allocatePublicIpForGuestNic(networkId, dc, pod, caller, requestedIp);
+                if (ipaddr == null) {
+                    throw new InvalidParameterValueException("Allocating ip to guest nic " + nicId + " failed");
+                }
+            } catch (InsufficientAddressCapacityException e) {
+                s_logger.error("Allocating ip to guest nic " + nicId + " failed");
+                return null;
+            }
+        } else if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()) && zone.getNetworkType() == NetworkType.Advanced) {
+            // if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
+            Account caller = UserContext.current().getCaller();
+            long callerUserId = UserContext.current().getCallerUserId();
+            _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+            if (s_logger.isDebugEnabled()) {
+                s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
+            }
         } else {
-            throw new InvalidParameterValueException("AddIpToVMNic is not supported in this network...");
+            s_logger.error("AddIpToVMNic is not supported in this network...");
+            return null;
         }
 
         if (ipaddr != null) {
@@ -549,18 +586,18 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
         boolean success = false;
 
         // Verify input parameters
-        NicSecondaryIpVO ipVO= _nicSecondaryIpDao.findById(ipAddressId);
-        if (ipVO == null) {
+        NicSecondaryIpVO secIpVO= _nicSecondaryIpDao.findById(ipAddressId);
+        if (secIpVO == null) {
             throw new InvalidParameterValueException("Unable to find ip address by id");
         }
 
-        Network network = _networksDao.findById(ipVO.getNetworkId());
+        Network network = _networksDao.findById(secIpVO.getNetworkId());
 
         // verify permissions
         _accountMgr.checkAccess(caller, null, true, network);
 
-        Long nicId = ipVO.getNicId();
-        s_logger.debug("ip id and nic id" + ipAddressId + "..." + nicId);
+        Long nicId = secIpVO.getNicId();
+        s_logger.debug("ip id = " + ipAddressId + " nic id = " + nicId);
         //check is this the last secondary ip for NIC
         List<NicSecondaryIpVO> ipList = _nicSecondaryIpDao.listByNicId(nicId);
         boolean lastIp = false;
@@ -568,20 +605,41 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
             // this is the last secondary ip to nic
             lastIp = true;
         }
-        //check PF or static NAT is configured on this ip address
-        String secondaryIp = ipVO.getIp4Address();
-        List<PortForwardingRuleVO> pfRuleList = _portForwardingDao.listByDestIpAddr(secondaryIp);
-        if (pfRuleList.size() != 0) {
-            s_logger.debug("VM nic IP " + secondaryIp + " is associated with the port forwarding rule");
-            throw new InvalidParameterValueException("Can't remove the secondary ip " + secondaryIp + " is associate with the port forwarding rule");
+
+        DataCenter dc = _dcDao.findById(network.getDataCenterId());
+        if (dc == null) {
+            throw new InvalidParameterValueException("Invalid zone Id is given");
         }
-        //check if the secondary ip associated with any static nat rule
-        IPAddressVO publicIpVO = _ipAddressDao.findByVmIp(secondaryIp);
-        if (publicIpVO != null) {
-            s_logger.debug("VM nic IP " + secondaryIp + " is associated with the static NAT rule public IP address id " + publicIpVO.getId());
-            throw new InvalidParameterValueException("Can' remove the ip " + secondaryIp + "is associate with static NAT rule public IP address id " + publicIpVO.getId());
+
+        s_logger.debug("Calling the ip allocation ...");
+        if (dc.getNetworkType() == NetworkType.Advanced && network.getGuestType() == Network.GuestType.Isolated) {
+            //check PF or static NAT is configured on this ip address
+            String secondaryIp = secIpVO.getIp4Address();
+            List<PortForwardingRuleVO> pfRuleList = _portForwardingDao.listByDestIpAddr(secondaryIp);
+            if (pfRuleList.size() != 0) {
+                s_logger.debug("VM nic IP " + secondaryIp + " is associated with the port forwarding rule");
+                throw new InvalidParameterValueException("Can't remove the secondary ip " + secondaryIp + " is associate with the port forwarding rule");
+            }
+            //check if the secondary ip associated with any static nat rule
+            IPAddressVO publicIpVO = _ipAddressDao.findByVmIp(secondaryIp);
+            if (publicIpVO != null) {
+                s_logger.debug("VM nic IP " + secondaryIp + " is associated with the static NAT rule public IP address id " + publicIpVO.getId());
+                throw new InvalidParameterValueException("Can' remove the ip " + secondaryIp + "is associate with static NAT rule public IP address id " + publicIpVO.getId());
+            }
+        } else if (dc.getNetworkType() == NetworkType.Basic) {
+            IPAddressVO ip = _ipAddressDao.findByIpAndNetworkId(secIpVO.getNetworkId(), secIpVO.getIp4Address());
+            if (ip != null) {
+                Transaction txn = Transaction.currentTxn();
+                txn.start();
+                _networkMgr.markIpAsUnavailable(ip.getId());
+                _ipAddressDao.unassignIpAddress(ip.getId());
+                txn.commit();
+            }
+        } else if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()) && dc.getNetworkType() == NetworkType.Advanced) {
+            throw new InvalidParameterValueException("Not supported for this network now");
         }
-        success = removeNicSecondaryIP(ipVO, lastIp);
+
+        success = removeNicSecondaryIP(secIpVO, lastIp);
         return success;
     }
 
diff --git a/server/src/com/cloud/network/dao/IPAddressDao.java b/server/src/com/cloud/network/dao/IPAddressDao.java
index 1052639ebf2..3d588fa9307 100755
--- a/server/src/com/cloud/network/dao/IPAddressDao.java
+++ b/server/src/com/cloud/network/dao/IPAddressDao.java
@@ -66,4 +66,6 @@ public interface IPAddressDao extends GenericDao<IPAddressVO, Long> {
     IPAddressVO findByVmIp(String vmIp);
 
     IPAddressVO findByAssociatedVmIdAndVmIp(long vmId, String vmIp);
+
+    IPAddressVO findByIpAndNetworkId(long networkId, String ipAddress);
 }
diff --git a/server/src/com/cloud/network/dao/IPAddressDaoImpl.java b/server/src/com/cloud/network/dao/IPAddressDaoImpl.java
index b0eef4f3043..73f310fd628 100755
--- a/server/src/com/cloud/network/dao/IPAddressDaoImpl.java
+++ b/server/src/com/cloud/network/dao/IPAddressDaoImpl.java
@@ -184,6 +184,14 @@ public class IPAddressDaoImpl extends GenericDaoBase<IPAddressVO, Long> implemen
         return findOneBy(sc);
     }
 
+    @Override
+    public IPAddressVO findByIpAndNetworkId(long networkId, String ipAddress) {
+        SearchCriteria<IPAddressVO> sc = AllFieldsSearch.create();
+        sc.setParameters("network", networkId);
+        sc.setParameters("ipAddress", ipAddress);
+        return findOneBy(sc);
+    }
+
     @Override
     public IPAddressVO findByIpAndDcId(long dcId, String ipAddress) {
         SearchCriteria<IPAddressVO> sc = AllFieldsSearch.create();
diff --git a/server/src/com/cloud/network/guru/DirectNetworkGuru.java b/server/src/com/cloud/network/guru/DirectNetworkGuru.java
index 46a525e214a..8707cfd418c 100755
--- a/server/src/com/cloud/network/guru/DirectNetworkGuru.java
+++ b/server/src/com/cloud/network/guru/DirectNetworkGuru.java
@@ -16,6 +16,8 @@
 // under the License.
 package com.cloud.network.guru;
 
+import java.util.List;
+
 import javax.ejb.Local;
 import javax.inject.Inject;
 
@@ -54,7 +56,9 @@ import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.Transaction;
 import com.cloud.vm.Nic.ReservationStrategy;
+import com.cloud.vm.dao.NicSecondaryIpDao;
 import com.cloud.vm.NicProfile;
+import com.cloud.vm.NicSecondaryIp;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.VirtualMachineProfile;
@@ -79,7 +83,9 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
     UserIpv6AddressDao _ipv6Dao;
     @Inject
     Ipv6AddressManager _ipv6Mgr;
-    
+    @Inject
+    NicSecondaryIpDao _nicSecondaryIpDao;
+
     private static final TrafficType[] _trafficTypes = {TrafficType.Guest};
     
     @Override
@@ -230,6 +236,16 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru {
             txn.start();
             _networkMgr.markIpAsUnavailable(ip.getId());
             _ipAddressDao.unassignIpAddress(ip.getId());
+            //unassign nic secondary ip address
+            s_logger.debug("remove nic " + nic.getId() + " secondary ip ");
+            List<String> nicSecIps = null;
+            nicSecIps = _nicSecondaryIpDao.getSecondaryIpAddressesForNic(nic.getId());
+            for (String secIp: nicSecIps) {
+                IPAddressVO pubIp = _ipAddressDao.findByIpAndSourceNetworkId(nic.getNetworkId(), secIp);
+                _networkMgr.markIpAsUnavailable(pubIp.getId());
+                _ipAddressDao.unassignIpAddress(pubIp.getId());
+            }
+
             txn.commit();
         }
     	}
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index eafe88e36a4..1c189c44688 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -46,8 +46,10 @@ import org.apache.cloudstack.api.command.user.securitygroup.RevokeSecurityGroupI
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.log4j.Logger;
 
+import com.amazonaws.services.identitymanagement.model.User;
 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.NetworkRulesSystemVmCommand;
+import com.cloud.agent.api.NetworkRulesVmSecondaryIpCommand;
 import com.cloud.agent.api.SecurityGroupRulesCmd;
 import com.cloud.agent.api.SecurityGroupRulesCmd.IpPortAndProto;
 import com.cloud.agent.manager.Commands;
@@ -67,12 +69,6 @@ import com.cloud.network.NetworkManager;
 import com.cloud.network.NetworkModel;
 import com.cloud.network.security.SecurityGroupWork.Step;
 import com.cloud.network.security.SecurityRule.SecurityRuleType;
-import com.cloud.network.security.dao.SecurityGroupDao;
-import com.cloud.network.security.dao.SecurityGroupRuleDao;
-import com.cloud.network.security.dao.SecurityGroupRulesDao;
-import com.cloud.network.security.dao.SecurityGroupVMMapDao;
-import com.cloud.network.security.dao.SecurityGroupWorkDao;
-import com.cloud.network.security.dao.VmRulesetLogDao;
 import com.cloud.network.security.dao.*;
 import com.cloud.projects.ProjectManager;
 import com.cloud.tags.dao.ResourceTagDao;
@@ -97,6 +93,8 @@ import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.*;
 import com.cloud.vm.VirtualMachine.Event;
 import com.cloud.vm.VirtualMachine.State;
+import com.cloud.vm.dao.NicDao;
+import com.cloud.vm.dao.NicSecondaryIpDao;
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.dao.VMInstanceDao;
 import edu.emory.mathcs.backport.java.util.Collections;
@@ -149,6 +147,10 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
     ProjectManager _projectMgr;
     @Inject
     ResourceTagDao _resourceTagDao;
+    @Inject
+    NicDao _nicDao;
+    @Inject
+    NicSecondaryIpDao _nicSecIpDao;
 
     ScheduledExecutorService _executorPool;
     ScheduledExecutorService _cleanupExecutor;
@@ -489,7 +491,7 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
         return affectedVms;
     }
 
-    protected SecurityGroupRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature, long seqnum, Map<PortAndProto, Set<String>> ingressRules, Map<PortAndProto, Set<String>> egressRules) {
+    protected SecurityGroupRulesCmd generateRulesetCmd(String vmName, String guestIp, String guestMac, Long vmId, String signature, long seqnum, Map<PortAndProto, Set<String>> ingressRules, Map<PortAndProto, Set<String>> egressRules, List<String> secIps) {
         List<IpPortAndProto> ingressResult = new ArrayList<IpPortAndProto>();
         List<IpPortAndProto> egressResult = new ArrayList<IpPortAndProto>();
         for (PortAndProto pAp : ingressRules.keySet()) {
@@ -506,7 +508,7 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
                 egressResult.add(ipPortAndProto);
             }
         }
-        return new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, ingressResult.toArray(new IpPortAndProto[ingressResult.size()]), egressResult.toArray(new IpPortAndProto[egressResult.size()]));
+        return new SecurityGroupRulesCmd(guestIp, guestMac, vmName, vmId, signature, seqnum, ingressResult.toArray(new IpPortAndProto[ingressResult.size()]), egressResult.toArray(new IpPortAndProto[egressResult.size()]), secIps);
     }
 
     protected void handleVmStopped(VMInstanceVO vm) {
@@ -947,8 +949,19 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
                 Map<PortAndProto, Set<String>> egressRules = generateRulesForVM(userVmId, SecurityRuleType.EgressRule);
                 agentId = vm.getHostId();
                 if (agentId != null) {
+                    // get nic secondary ip address
+                    String privateIp = vm.getPrivateIpAddress();
+                    NicVO nic = _nicDao.findByIp4AddressAndVmId(privateIp, vm.getId());
+                    List<String> nicSecIps = null;
+                    if (nic != null) {
+                        if (nic.getSecondaryIp()) {
+                            //get secondary ips of the vm
+                            long networkId = nic.getNetworkId();
+                            nicSecIps = _nicSecIpDao.getSecondaryIpAddressesForNic(nic.getId());
+                        }
+                    }
                     SecurityGroupRulesCmd cmd = generateRulesetCmd( vm.getInstanceName(), vm.getPrivateIpAddress(), vm.getPrivateMacAddress(), vm.getId(), generateRulesetSignature(ingressRules, egressRules), seqnum,
-                            ingressRules, egressRules);
+                            ingressRules, egressRules, nicSecIps);
                     Commands cmds = new Commands(cmd);
                     try {
                         _agentMgr.send(agentId, cmds, _answerListener);
@@ -1272,4 +1285,66 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
             return true;
         }
     }
+
+    @Override
+    public boolean securityGroupRulesForVmSecIp(Long nicId, Long networkId,
+            String secondaryIp, boolean ruleAction) {
+
+        String vmMac = null;
+        String vmName = null;
+
+        if (secondaryIp == null || nicId == null || networkId == null) {
+            throw new InvalidParameterValueException("Vm nicId or networkId or secondaryIp can't be null");
+        }
+
+        NicVO nic = _nicDao.findById(nicId);
+        Long vmId = nic.getInstanceId();
+
+        // Validate parameters
+        List<SecurityGroupVO> vmSgGrps = getSecurityGroupsForVm(vmId);
+        if (vmSgGrps == null) {
+            s_logger.debug("Vm is not in any Security group ");
+            return true;
+        }
+
+        Account caller = UserContext.current().getCaller();
+
+        for (SecurityGroupVO securityGroup: vmSgGrps) {
+            Account owner = _accountMgr.getAccount(securityGroup.getAccountId());
+            if (owner == null) {
+                throw new InvalidParameterValueException("Unable to find security group owner by id=" + securityGroup.getAccountId());
+            }
+            // Verify permissions
+            _accountMgr.checkAccess(caller, null, true, securityGroup);
+        }
+
+        UserVm  vm = _userVMDao.findById(vmId);
+        if (vm.getType() != VirtualMachine.Type.User) {
+            throw new InvalidParameterValueException("Can't configure the SG ipset, arprules rules for the non user vm");
+        }
+
+        if (vm != null) {
+            vmMac = vm.getPrivateMacAddress();
+            vmName = vm.getInstanceName();
+            if (vmMac == null || vmName == null) {
+                throw new InvalidParameterValueException("vm name or vm mac can't be null");
+            }
+        }
+
+        //create command for the to add ip in ipset and arptables rules
+        NetworkRulesVmSecondaryIpCommand cmd = new NetworkRulesVmSecondaryIpCommand(vmName, vmMac, secondaryIp, ruleAction);
+        s_logger.debug("Asking agent to configure rules for vm secondary ip");
+        Commands cmds = null;
+
+        cmds = new Commands(cmd);
+        try {
+            _agentMgr.send(vm.getHostId(), cmds);
+        } catch (AgentUnavailableException e) {
+            s_logger.debug(e.toString());
+        } catch (OperationTimedoutException e) {
+            s_logger.debug(e.toString());
+        }
+
+        return true;
+    }
 }
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
index a3a0fc300f9..a42881ec905 100644
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl2.java
@@ -40,6 +40,7 @@ import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.Profiler;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.mgmt.JmxUtil;
+import com.cloud.vm.NicVO;
 import com.cloud.vm.VirtualMachine.State;
 import com.cloud.network.security.SecurityRule.SecurityRuleType;
 
@@ -169,9 +170,19 @@ public class SecurityGroupManagerImpl2 extends SecurityGroupManagerImpl{
             Map<PortAndProto, Set<String>> egressRules = generateRulesForVM(userVmId, SecurityRuleType.EgressRule);
             Long agentId = vm.getHostId();
             if (agentId != null) {
+                String privateIp = vm.getPrivateIpAddress();
+                NicVO nic = _nicDao.findByIp4AddressAndVmId(privateIp, vm.getId());
+                List<String> nicSecIps = null;
+                if (nic != null) {
+                    if (nic.getSecondaryIp()) {
+                        //get secondary ips of the vm
+                        long networkId = nic.getNetworkId();
+                        nicSecIps = _nicSecIpDao.getSecondaryIpAddressesForNic(nic.getId());
+                    }
+                }
                 SecurityGroupRulesCmd cmd = generateRulesetCmd(vm.getInstanceName(), vm.getPrivateIpAddress(), 
                         vm.getPrivateMacAddress(), vm.getId(), null, 
-                        work.getLogsequenceNumber(), ingressRules, egressRules);
+                        work.getLogsequenceNumber(), ingressRules, egressRules, nicSecIps);
                 cmd.setMsId(_serverId);
                 if (s_logger.isDebugEnabled()) {
                     s_logger.debug("SecurityGroupManager v2: sending ruleset update for vm " + vm.getInstanceName() + 
diff --git a/server/src/com/cloud/resource/ResourceManagerImpl.java b/server/src/com/cloud/resource/ResourceManagerImpl.java
index 47b1d55ddac..15d32e0640d 100755
--- a/server/src/com/cloud/resource/ResourceManagerImpl.java
+++ b/server/src/com/cloud/resource/ResourceManagerImpl.java
@@ -770,6 +770,13 @@ public class ResourceManagerImpl extends ManagerBase implements ResourceManager,
                 }
             }
             clusterId = cluster.getId();
+            if (_clusterDetailsDao.findDetail(clusterId,"cpuOvercommitRatio") == null) {
+            ClusterDetailsVO cluster_cpu_detail = new ClusterDetailsVO(clusterId,"cpuOvercommitRatio","1");
+            ClusterDetailsVO cluster_memory_detail = new ClusterDetailsVO(clusterId,"memoryOvercommitRatio","1");
+            _clusterDetailsDao.persist(cluster_cpu_detail);
+            _clusterDetailsDao.persist(cluster_memory_detail);
+            }
+
         }
 
         try {
diff --git a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java
index c4928be8fee..b51b216717b 100755
--- a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java
+++ b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java
@@ -78,12 +78,12 @@ import com.cloud.utils.exception.CloudRuntimeException;
 @Local(value={VMTemplateDao.class})
 public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implements VMTemplateDao {
     private static final Logger s_logger = Logger.getLogger(VMTemplateDaoImpl.class);
-    
+
     @Inject
     VMTemplateZoneDao _templateZoneDao;
     @Inject
     VMTemplateDetailsDao _templateDetailsDao;
-    
+
     @Inject
     ConfigurationDao  _configDao;
     @Inject
@@ -94,10 +94,10 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
     DataCenterDao _dcDao;
     private final String SELECT_TEMPLATE_HOST_REF = "SELECT t.id, h.data_center_id, t.unique_name, t.name, t.public, t.featured, t.type, t.hvm, t.bits, t.url, t.format, t.created, t.account_id, " +
     								"t.checksum, t.display_text, t.enable_password, t.guest_os_id, t.bootable, t.prepopulate, t.cross_zones, t.hypervisor_type FROM vm_template t";
-    
+
     private final String SELECT_TEMPLATE_ZONE_REF = "SELECT t.id, tzr.zone_id, t.unique_name, t.name, t.public, t.featured, t.type, t.hvm, t.bits, t.url, t.format, t.created, t.account_id, " +
 									"t.checksum, t.display_text, t.enable_password, t.guest_os_id, t.bootable, t.prepopulate, t.cross_zones, t.hypervisor_type FROM vm_template t INNER JOIN template_zone_ref tzr on (t.id = tzr.template_id) ";
-    
+
     private final String SELECT_TEMPLATE_SWIFT_REF = "SELECT t.id, t.unique_name, t.name, t.public, t.featured, t.type, t.hvm, t.bits, t.url, t.format, t.created, t.account_id, "
             + "t.checksum, t.display_text, t.enable_password, t.guest_os_id, t.bootable, t.prepopulate, t.cross_zones, t.hypervisor_type FROM vm_template t";
 
@@ -132,17 +132,17 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 
     private String routerTmpltName;
     private String consoleProxyTmpltName;
-    
+
     public VMTemplateDaoImpl() {
     }
-    
+
     @Override
     public List<VMTemplateVO> listByPublic() {
     	SearchCriteria<VMTemplateVO> sc = PublicSearch.create();
     	sc.setParameters("public", 1);
 	    return listBy(sc);
 	}
-    
+
 	@Override
 	public VMTemplateVO findByName(String templateName) {
 		SearchCriteria<VMTemplateVO> sc = UniqueNameSearch.create();
@@ -159,7 +159,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 
     @Override
     public List<VMTemplateVO> publicIsoSearch(Boolean bootable, boolean listRemoved, Map<String, String> tags){
-        
+
         SearchBuilder<VMTemplateVO> sb = null;
         if (tags == null || tags.isEmpty()) {
             sb = PublicIsoSearch;
@@ -170,7 +170,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
             sb.and("type", sb.entity().getTemplateType(), SearchCriteria.Op.EQ);
             sb.and("bootable", sb.entity().isBootable(), SearchCriteria.Op.EQ);
             sb.and("removed", sb.entity().getRemoved(), SearchCriteria.Op.EQ);
-            
+
             SearchBuilder<ResourceTagVO> tagSearch = _tagsDao.createSearchBuilder();
             for (int count=0; count < tags.size(); count++) {
                 tagSearch.or().op("key" + String.valueOf(count), tagSearch.entity().getKey(), SearchCriteria.Op.EQ);
@@ -181,20 +181,20 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
             sb.groupBy(sb.entity().getId());
             sb.join("tagSearch", tagSearch, sb.entity().getId(), tagSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
         }
-        
+
         SearchCriteria<VMTemplateVO> sc = sb.create();
-        
+
     	sc.setParameters("public", 1);
     	sc.setParameters("format", "ISO");
     	sc.setParameters("type", TemplateType.PERHOST.toString());
     	if (bootable != null) {
     	    sc.setParameters("bootable", bootable);
     	}
-    	
+
     	if (!listRemoved) {
     		sc.setParameters("removed", (Object)null);
     	}
-    	
+
     	if (tags != null && !tags.isEmpty()) {
             int count = 0;
             sc.setJoinParameters("tagSearch", "resourceType", TaggedResourceType.ISO.toString());
@@ -204,10 +204,10 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                 count++;
             }
         }
-    	
+
         return listBy(sc);
     }
-    
+
     @Override
     public List<VMTemplateVO> userIsoSearch(boolean listRemoved){
 
@@ -228,7 +228,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 	public List<VMTemplateVO> listAllSystemVMTemplates() {
 		SearchCriteria<VMTemplateVO> sc = tmpltTypeSearch.create();
 		sc.setParameters("templateType", Storage.TemplateType.SYSTEM);
-		
+
 		Filter filter = new Filter(VMTemplateVO.class, "id", false, null, null);
 		return listBy(sc, filter);
 	}
@@ -236,7 +236,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
     @Override
     public List<Long> listPrivateTemplatesByHost(Long hostId) {
 
-        String sql = "select * from template_host_ref as thr INNER JOIN vm_template as t ON t.id=thr.template_id " 
+        String sql = "select * from template_host_ref as thr INNER JOIN vm_template as t ON t.id=thr.template_id "
             + "where thr.host_id=? and t.public=0 and t.featured=0 and t.type='USER' and t.removed is NULL";
 
         List<Long> l = new ArrayList<Long>();
@@ -256,7 +256,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         }
         return l;
     }
-	
+
 	@Override
 	public List<VMTemplateVO> listReadyTemplates() {
 		SearchCriteria<VMTemplateVO> sc = createSearchCriteria();
@@ -264,7 +264,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 		sc.addAnd("format", SearchCriteria.Op.NEQ, Storage.ImageFormat.ISO);
 		return listIncludingRemovedBy(sc);
 	}
-	
+
 	@Override
 	public List<VMTemplateVO> findIsosByIdAndPath(Long domainId, Long accountId, String path) {
 		SearchCriteria<VMTemplateVO> sc = createSearchCriteria();
@@ -287,7 +287,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         sc.setParameters("accountId", accountId);
         return listBy(sc);
 	}
-	
+
 	@Override
     public List<VMTemplateVO> listByHypervisorType(List<HypervisorType> hyperTypes) {
 		SearchCriteria<VMTemplateVO> sc = createSearchCriteria();
@@ -299,17 +299,17 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 	@Override
 	public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
 		boolean result = super.configure(name, params);
-		
+
 	    PublicSearch = createSearchBuilder();
 	    PublicSearch.and("public", PublicSearch.entity().isPublicTemplate(), SearchCriteria.Op.EQ);
 
 		routerTmpltName = (String)params.get("routing.uniquename");
-		
+
 		s_logger.debug("Found parameter routing unique name " + routerTmpltName);
 		if (routerTmpltName==null) {
 			routerTmpltName="routing";
 		}
-		
+
 		consoleProxyTmpltName = (String)params.get("consoleproxy.uniquename");
 		if(consoleProxyTmpltName == null) {
             consoleProxyTmpltName = "routing";
@@ -345,16 +345,16 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 		hostHyperSearch.and("type", hostHyperSearch.entity().getType(), SearchCriteria.Op.EQ);
 		hostHyperSearch.and("zoneId", hostHyperSearch.entity().getDataCenterId(), SearchCriteria.Op.EQ);
 		hostHyperSearch.groupBy(hostHyperSearch.entity().getHypervisorType());
-		
+
 		tmpltTypeHyperSearch.join("tmplHyper", hostHyperSearch, hostHyperSearch.entity().getHypervisorType(), tmpltTypeHyperSearch.entity().getHypervisorType(), JoinBuilder.JoinType.INNER);
 		hostHyperSearch.done();
 		tmpltTypeHyperSearch.done();
-		
+
 		tmpltTypeHyperSearch2 = createSearchBuilder();
 		tmpltTypeHyperSearch2.and("templateType", tmpltTypeHyperSearch2.entity().getTemplateType(), SearchCriteria.Op.EQ);
 		tmpltTypeHyperSearch2.and("hypervisorType", tmpltTypeHyperSearch2.entity().getHypervisorType(), SearchCriteria.Op.EQ);
 
-		
+
 		tmpltTypeSearch = createSearchBuilder();
         tmpltTypeSearch.and("removed", tmpltTypeSearch.entity().getRemoved(), SearchCriteria.Op.NULL);
 		tmpltTypeSearch.and("templateType", tmpltTypeSearch.entity().getTemplateType(), SearchCriteria.Op.EQ);
@@ -363,11 +363,11 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 		AccountIdSearch.and("accountId", AccountIdSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
         AccountIdSearch.and("publicTemplate", AccountIdSearch.entity().isPublicTemplate(), SearchCriteria.Op.EQ);
 		AccountIdSearch.done();
-		
+
 		SearchBuilder<VMTemplateZoneVO> tmpltZoneSearch = _templateZoneDao.createSearchBuilder();
 		tmpltZoneSearch.and("removed", tmpltZoneSearch.entity().getRemoved(), SearchCriteria.Op.NULL);
 		tmpltZoneSearch.and("zoneId", tmpltZoneSearch.entity().getZoneId(), SearchCriteria.Op.EQ);
-		
+
 		TmpltsInZoneSearch = createSearchBuilder();
 		TmpltsInZoneSearch.and("removed", TmpltsInZoneSearch.entity().getRemoved(), SearchCriteria.Op.NULL);
 		TmpltsInZoneSearch.and().op("avoidtype", TmpltsInZoneSearch.entity().getTemplateType(), SearchCriteria.Op.NEQ);
@@ -378,11 +378,11 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 		TmpltsInZoneSearch.done();
 
 		CountTemplatesByAccount = createSearchBuilder(Long.class);
-		CountTemplatesByAccount.select(null, Func.COUNT, null);        
+		CountTemplatesByAccount.select(null, Func.COUNT, null);
 		CountTemplatesByAccount.and("account", CountTemplatesByAccount.entity().getAccountId(), SearchCriteria.Op.EQ);
 		CountTemplatesByAccount.and("removed", CountTemplatesByAccount.entity().getRemoved(), SearchCriteria.Op.NULL);
 		CountTemplatesByAccount.done();
-		
+
         updateStateSearch = this.createSearchBuilder();
         updateStateSearch.and("id", updateStateSearch.entity().getId(), Op.EQ);
         updateStateSearch.and("state", updateStateSearch.entity().getState(), Op.EQ);
@@ -472,7 +472,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                 } else {
                     whereClause += " AND t.account_id IN (" + permittedAccountsStr + ")";
                 }
-            } else if (templateFilter == TemplateFilter.sharedexecutable && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+            } else if ((templateFilter == TemplateFilter.shared || templateFilter == TemplateFilter.sharedexecutable) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                 if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                     joinClause += " LEFT JOIN launch_permission lp ON t.id = lp.template_id WHERE" + " (t.account_id IN (" + permittedAccountsStr + ") OR" + " lp.account_id IN ("
                             + permittedAccountsStr + "))";
@@ -517,7 +517,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 
 
 	@Override
-	public Set<Pair<Long, Long>> searchTemplates(String name, String keyword, TemplateFilter templateFilter, 
+	public Set<Pair<Long, Long>> searchTemplates(String name, String keyword, TemplateFilter templateFilter,
 	        boolean isIso, List<HypervisorType> hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex,
 	        Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr,List<Account> permittedAccounts,
 	        Account caller, ListProjectResourcesCriteria listProjectResourcesCriteria, Map<String, String> tags) {
@@ -527,17 +527,17 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                 builder.append(permittedAccount.getAccountId() + ",");
             }
         }
-        
+
         String permittedAccountsStr = builder.toString();
-        
+
         if (permittedAccountsStr.length() > 0) {
             //chop the "," off
             permittedAccountsStr = permittedAccountsStr.substring(0, permittedAccountsStr.length()-1);
         }
-	    
+
 	    Transaction txn = Transaction.currentTxn();
         txn.start();
-        
+
         /* Use LinkedHashSet here to guarantee iteration order */
         Set<Pair<Long, Long>> templateZonePairList = new LinkedHashSet<Pair<Long, Long>>();
         PreparedStatement pstmt = null;
@@ -545,15 +545,15 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         StringBuilder relatedDomainIds = new StringBuilder();
         String sql = SELECT_TEMPLATE_ZONE_REF;
         String groupByClause = "";
-        try {        	
+        try {
         	//short accountType;
         	//String accountId = null;
-        	String guestOSJoin = "";  
+        	String guestOSJoin = "";
         	StringBuilder templateHostRefJoin = new StringBuilder();
         	String dataCenterJoin = "", lpjoin = "";
         	String tagsJoin = "";
 
-        	if (isIso && !hyperType.equals(HypervisorType.None)) { 
+        	if (isIso && !hyperType.equals(HypervisorType.None)) {
         		guestOSJoin = " INNER JOIN guest_os guestOS on (guestOS.id = t.guest_os_id) INNER JOIN guest_os_hypervisor goh on ( goh.guest_os_id = guestOS.id) ";
         	}
         	if (onlyReady){
@@ -564,34 +564,34 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         	if ((templateFilter == TemplateFilter.featured) || (templateFilter == TemplateFilter.community)) {
         	    dataCenterJoin = " INNER JOIN data_center dc on (h.data_center_id = dc.id)";
         	}
-        	
-        	if (templateFilter == TemplateFilter.sharedexecutable){
+
+        	if (templateFilter == TemplateFilter.sharedexecutable || templateFilter == TemplateFilter.shared ){
         	    lpjoin = " INNER JOIN launch_permission lp ON t.id = lp.template_id ";
         	}
-        	
+
         	if (tags != null && !tags.isEmpty()) {
         	    tagsJoin = " INNER JOIN resource_tags r ON t.id = r.resource_id ";
         	}
-        	       	
+
         	sql +=  guestOSJoin + templateHostRefJoin + dataCenterJoin + lpjoin + tagsJoin;
         	String whereClause = "";
-        	
+
         	//All joins have to be made before we start setting the condition settings
-        	if ((listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources 
-        			|| (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.community || templateFilter == TemplateFilter.featured))) && 
+        	if ((listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources
+        			|| (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.community || templateFilter == TemplateFilter.featured))) &&
         			!(caller.getType() != Account.ACCOUNT_TYPE_NORMAL && templateFilter == TemplateFilter.all)) {
         		whereClause += " INNER JOIN account a on (t.account_id = a.id)";
-        		if ((templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {                	            		
-            		 whereClause += " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'";     
+        		if ((templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
+            		 whereClause += " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'";
              		if (listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources) {
             			whereClause += " AND a.type != " + Account.ACCOUNT_TYPE_PROJECT;
             		}
-        		} else 
+        		} else
         			if (listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources) {
         				whereClause += " WHERE a.type != " + Account.ACCOUNT_TYPE_PROJECT;
         		}
         	}
-        	
+
             if (!permittedAccounts.isEmpty()) {
                 for (Account account : permittedAccounts) {
                     //accountType = account.getType();
@@ -621,12 +621,12 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                     relatedDomainIds.setLength(relatedDomainIds.length()-1);
                 }
             }
-            
+
             String attr = " AND ";
             if (whereClause.endsWith(" WHERE ")) {
             	attr += " WHERE ";
             }
-            
+
             if (!isIso) {
         	    if ( hypers.isEmpty() ) {
         	        return templateZonePairList;
@@ -642,9 +642,10 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                     whereClause += attr + " t.hypervisor_type IN (" + relatedHypers + ")";
         	    }
         	}
-            
-            if (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.featured || 
-                    templateFilter == TemplateFilter.community || templateFilter == TemplateFilter.executable)  && !isAdmin(caller.getType()) ) {
+
+            if (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.featured ||
+                    templateFilter == TemplateFilter.community || templateFilter == TemplateFilter.executable
+                    || templateFilter == TemplateFilter.shared || templateFilter == TemplateFilter.sharedexecutable)  && !isAdmin(caller.getType()) ) {
             	whereClause += attr + "t.account_id IN (" + permittedAccountsStr + ")";
             }
 
@@ -652,13 +653,13 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
             	whereClause += attr + "t.public = 1 AND t.featured = 1";
             	if (!permittedAccounts.isEmpty()) {
             	    whereClause += attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
-            	}            	            
+            	}
             } else if (templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) {
                 whereClause += " AND t.account_id IN (" + permittedAccountsStr + ")";
-            } else if (templateFilter == TemplateFilter.sharedexecutable) {
+            } else if (templateFilter == TemplateFilter.sharedexecutable || templateFilter == TemplateFilter.shared ) {
             		whereClause += " AND " +
                 	" (t.account_id IN (" + permittedAccountsStr + ") OR" +
-                	" lp.account_id IN (" + permittedAccountsStr + "))";	
+                	" lp.account_id IN (" + permittedAccountsStr + "))";
             } else if (templateFilter == TemplateFilter.executable && !permittedAccounts.isEmpty()) {
             	whereClause += attr + "(t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))";
             } else if (templateFilter == TemplateFilter.community) {
@@ -669,7 +670,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
             } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && !isIso) {
             	return templateZonePairList;
             }
-        	
+
         	if (tags != null && !tags.isEmpty()) {
         	    whereClause += " AND (";
         	    boolean first = true;
@@ -682,13 +683,13 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         	    }
         	    whereClause += ")";
         	}
-            
+
             if (whereClause.equals("")) {
             	whereClause += " WHERE ";
             } else if (!whereClause.equals(" WHERE ")) {
             	whereClause += " AND ";
             }
-            
+
             sql += whereClause + getExtrasWhere(templateFilter, name, keyword, isIso, bootable, hyperType, zoneId,
                     onlyReady, showDomr) + groupByClause + getOrderByLimit(pageSize, startIndex);
 
@@ -699,8 +700,8 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                Pair<Long, Long> templateZonePair = new Pair<Long, Long>(rs.getLong(1), rs.getLong(2));
                                templateZonePairList.add(templateZonePair);
             }
-           //for now, defaulting pageSize to a large val if null; may need to revisit post 2.2RC2 
-           if(isIso && templateZonePairList.size() < (pageSize != null ? pageSize : 500) 
+           //for now, defaulting pageSize to a large val if null; may need to revisit post 2.2RC2
+           if(isIso && templateZonePairList.size() < (pageSize != null ? pageSize : 500)
                    && templateFilter != TemplateFilter.community
                    && !(templateFilter == TemplateFilter.self && !BaseCmd.isRootAdmin(caller.getType())) ){ //evaluates to true If root admin and filter=self
 
@@ -747,7 +748,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         		s_logger.warn("Error in cleaning up", sqle);
         	}
         }
-        
+
         return templateZonePairList;
 	}
 
@@ -770,7 +771,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
             	sql += " AND t.hypervisor_type = '" + hyperType.toString() + "'";
             }
         }
-        
+
         if (bootable != null) {
         	sql += " AND t.bootable = " + bootable;
         }
@@ -787,7 +788,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         }
         if (!showDomr){
         	sql += " AND t.type != '" +Storage.TemplateType.SYSTEM.toString() + "'";
-        }        
+        }
 
         sql += " AND t.removed IS NULL";
 
@@ -797,14 +798,14 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 	private String getOrderByLimit(Long pageSize, Long startIndex) {
     	Boolean isAscending = Boolean.parseBoolean(_configDao.getValue("sortkey.algorithm"));
     	isAscending = (isAscending == null ? true : isAscending);
-    	
+
 		String sql;
 		if (isAscending) {
 			sql = " ORDER BY t.sort_key ASC";
 		} else {
 			sql = " ORDER BY t.sort_key DESC";
 		}
-    	
+
         if ((pageSize != null) && (startIndex != null)) {
             sql += " LIMIT " + startIndex.toString() + "," + pageSize.toString();
         }
@@ -835,7 +836,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 		    _templateZoneDao.update(tmpltZoneVO.getId(), tmpltZoneVO);
 		}
 		txn.commit();
-		
+
 		return tmplt.getId();
 	}
 
@@ -854,7 +855,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 		sc.setParameters("templateType", Storage.TemplateType.BUILTIN);
 		return listBy(sc);
 	}
-	
+
 	@Override
 	public VMTemplateVO findSystemVMTemplate(long zoneId) {
 		SearchCriteria<VMTemplateVO> sc = tmpltTypeHyperSearch.create();
@@ -864,14 +865,14 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 
 		//order by descending order of id and select the first (this is going to be the latest)
 		List<VMTemplateVO> tmplts = listBy(sc, new Filter(VMTemplateVO.class, "id", false, null, 1l));
-		
+
 		if (tmplts.size() > 0) {
 			return tmplts.get(0);
 		} else {
 			return null;
 		}
 	}
-	
+
 	public VMTemplateVO findSystemVMTemplate(long zoneId, HypervisorType hType) {
 	    SearchCriteria<VMTemplateVO> sc = tmpltTypeHyperSearch.create();
 	    sc.setParameters("templateType", Storage.TemplateType.SYSTEM);
@@ -900,7 +901,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
 
         //order by descending order of id and select the first (this is going to be the latest)
         List<VMTemplateVO> tmplts = listBy(sc, new Filter(VMTemplateVO.class, "id", false, null, 1l));
-        
+
         if (tmplts.size() > 0) {
             return tmplts.get(0);
         } else {
@@ -914,7 +915,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         sc.setParameters("account", accountId);
         return customSearch(sc, null).get(0);
     }
-    
+
     @Override
     @DB
     public boolean remove(Long id) {
@@ -922,7 +923,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         txn.start();
         VMTemplateVO template = createForUpdate();
         template.setRemoved(new Date());
-        
+
         VMTemplateVO vo = findById(id);
         if (vo != null) {
             if (vo.getFormat() == ImageFormat.ISO) {
@@ -936,14 +937,14 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
         txn.commit();
         return result;
     }
-    
+
     private boolean isAdmin(short accountType) {
 	    return ((accountType == Account.ACCOUNT_TYPE_ADMIN) ||
 	    	    (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) ||
 	            (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) ||
 	            (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
 	}
-    
+
     @Override
     public List<VMTemplateVO> findTemplatesToSyncToS3() {
         return executeList(SELECT_S3_CANDIDATE_TEMPLATES, new Object[] {});
@@ -1037,7 +1038,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
                     joinClause.append(" LEFT JOIN launch_permission lp ON t.id = lp.template_id WHERE (t.account_id IN (");
                     joinClause.append(permittedAccountsStr);
                     joinClause.append(") OR lp.account_id IN (");
-                    joinClause.append(permittedAccountsStr); 
+                    joinClause.append(permittedAccountsStr);
                     joinClause.append("))");
                 } else {
                     joinClause.append(" INNER JOIN account a on (t.account_id = a.id) ");
@@ -1088,8 +1089,8 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
             TemplateState nextState, VMTemplateVO vo, Object data) {
         Long oldUpdated = vo.getUpdatedCount();
         Date oldUpdatedTime = vo.getUpdated();
-    
-        
+
+
         SearchCriteria<VMTemplateVO> sc = updateStateSearch.create();
         sc.setParameters("id", vo.getId());
         sc.setParameters("state", currentState);
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 6b2f762a74d..88086ced461 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -1360,13 +1360,6 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
                     + " as a part of vm id=" + vmId
                     + " expunge because resource is unavailable", e);
         }
-        //remove vm secondary ip addresses
-        if (_networkMgr.removeVmSecondaryIps(vmId)) {
-            s_logger.debug("Removed vm " + vmId + " secondary ip address of the VM Nics as a part of expunge process");
-        } else {
-            success = false;
-            s_logger.warn("Fail to remove secondary ip address  of vm " + vmId + " Nics as a part of expunge process");
-        }
 
         return success;
     }
diff --git a/server/src/com/cloud/vm/dao/NicDao.java b/server/src/com/cloud/vm/dao/NicDao.java
index 794bacc6e8b..35d719131bb 100644
--- a/server/src/com/cloud/vm/dao/NicDao.java
+++ b/server/src/com/cloud/vm/dao/NicDao.java
@@ -60,4 +60,6 @@ public interface NicDao extends GenericDao<NicVO, Long> {
     NicVO findByIp4AddressAndNetworkIdAndInstanceId(long networkId, long instanceId, String ip4Address);
 
     List<NicVO> listByVmIdAndNicId(Long vmId, Long nicId);
+
+    NicVO findByIp4AddressAndVmId(String ip4Address, long instance);
 }
diff --git a/server/src/com/cloud/vm/dao/NicDaoImpl.java b/server/src/com/cloud/vm/dao/NicDaoImpl.java
index 44911740e96..b9ec72ee7c9 100644
--- a/server/src/com/cloud/vm/dao/NicDaoImpl.java
+++ b/server/src/com/cloud/vm/dao/NicDaoImpl.java
@@ -212,4 +212,13 @@ public class NicDaoImpl extends GenericDaoBase<NicVO, Long> implements NicDao {
         sc.setParameters("nicid", nicId);
         return listBy(sc);
     }
+
+    @Override
+    public NicVO findByIp4AddressAndVmId(String ip4Address, long instance) {
+        SearchCriteria<NicVO> sc = AllFieldsSearch.create();
+        sc.setParameters("address", ip4Address);
+        sc.setParameters("instance", instance);
+        return findOneBy(sc);
+    }
+
 }
diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java
index 80043102648..eb43cce0b9e 100755
--- a/server/test/com/cloud/network/MockNetworkManagerImpl.java
+++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java
@@ -32,6 +32,7 @@ import org.springframework.stereotype.Component;
 import org.apache.cloudstack.api.command.user.vm.ListNicsCmd;
 
 import com.cloud.dc.DataCenter;
+import com.cloud.dc.Pod;
 import com.cloud.dc.Vlan.VlanType;
 import com.cloud.deploy.DataCenterDeployment;
 import com.cloud.deploy.DeployDestination;
@@ -854,11 +855,6 @@ public class MockNetworkManagerImpl extends ManagerBase implements NetworkManage
         return null;
     }
 
-    @Override
-    public boolean removeVmSecondaryIps(long vmId) {
-        // TODO Auto-generated method stub
-        return false;
-    }
 
     @Override
     public List<? extends Nic> listVmNics(Long vmId, Long nicId) {
@@ -871,4 +867,18 @@ public class MockNetworkManagerImpl extends ManagerBase implements NetworkManage
         // TODO Auto-generated method stub
         return null;
     }
+
+    @Override
+    public String allocatePublicIpForGuestNic(Long networkId, DataCenter dc,
+            Pod pod, Account caller, String requestedIp)
+            throws InsufficientAddressCapacityException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean removeVmSecondaryIpsOfNic(long nicId) {
+        // TODO Auto-generated method stub
+        return false;
+    }
 }
diff --git a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java
index 63ef8744be8..c798cdf7810 100644
--- a/server/test/com/cloud/vpc/MockNetworkManagerImpl.java
+++ b/server/test/com/cloud/vpc/MockNetworkManagerImpl.java
@@ -34,6 +34,7 @@ import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
 import com.cloud.dc.DataCenter;
+import com.cloud.dc.Pod;
 import com.cloud.dc.Vlan.VlanType;
 import com.cloud.deploy.DataCenterDeployment;
 import com.cloud.deploy.DeployDestination;
@@ -1365,12 +1366,6 @@ public class MockNetworkManagerImpl extends ManagerBase implements NetworkManage
 
 
 
-    @Override
-    public boolean removeVmSecondaryIps(long vmId) {
-        // TODO Auto-generated method stub
-        return false;
-    }
-
 
 
 
@@ -1390,4 +1385,30 @@ public class MockNetworkManagerImpl extends ManagerBase implements NetworkManage
         // TODO Auto-generated method stub
         return null;
     }
+
+
+
+
+
+    @Override
+    public String allocatePublicIpForGuestNic(Long networkId, DataCenter dc,
+            Pod pod, Account caller, String requestedIp)
+            throws InsufficientAddressCapacityException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+
+
+
+
+
+
+
+
+    @Override
+    public boolean removeVmSecondaryIpsOfNic(long nicId) {
+        // TODO Auto-generated method stub
+        return false;
+    }
 }
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyHttpHandlerHelper.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyHttpHandlerHelper.java
index 7f79bae657f..6815b0d43bc 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyHttpHandlerHelper.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxyHttpHandlerHelper.java
@@ -50,9 +50,10 @@ public class ConsoleProxyHttpHandlerHelper {
             ConsoleProxyPasswordBasedEncryptor encryptor = new ConsoleProxyPasswordBasedEncryptor(
                 ConsoleProxy.getEncryptorPassword());
     
+            ConsoleProxyClientParam param = encryptor.decryptObject(ConsoleProxyClientParam.class, map.get("token"));
+
             // make sure we get information from token only
             map.clear();
-            ConsoleProxyClientParam param = encryptor.decryptObject(ConsoleProxyClientParam.class, map.get("token"));
             if(param != null) {
                 if(param.getClientHostAddress() != null)
                     map.put("host", param.getClientHostAddress());
diff --git a/tools/appliance/build.sh b/tools/appliance/build.sh
index d18faaf7ce6..f1ee4a64b40 100644
--- a/tools/appliance/build.sh
+++ b/tools/appliance/build.sh
@@ -18,7 +18,7 @@
 
 set -x
 
-if [ "$1"!="" ]
+if [ ! -z "$1" ]
 then
   appliance="$1"
 else
diff --git a/ui/scripts/network.js b/ui/scripts/network.js
index 4b23f6f89ce..55f3523d3bc 100755
--- a/ui/scripts/network.js
+++ b/ui/scripts/network.js
@@ -660,15 +660,27 @@
 									  name: args.data.name,
 										displaytext: args.data.displaytext
 									};
-								
+								  
                   //args.data.networkdomain is null when networkdomain field is hidden
                   if(args.data.networkdomain != null && args.data.networkdomain != args.context.networks[0].networkdomain) {
 									  $.extend(data, {
 										  networkdomain: args.data.networkdomain
 										});
-									}
+									} 
+                  
+                  var oldcidr;
+                  $.ajax({
+                    url: createURL("listNetworks&id=" + args.context.networks[0].id ),
+                    dataType: "json",
+                    async: false,
+                    success: function(json) {
+                      oldcidr = json.listnetworksresponse.network[0].cidr;
+                      
+                    }
+                  });
 
-                  if(args.data.cidr !="" ){
+
+                  if(args.data.cidr !="" && args.data.cidr != oldcidr ){
                     $.extend(data, {
                       guestvmcidr: args.data.cidr
                     });
diff --git a/usage/pom.xml b/usage/pom.xml
index 28ab1a7dfc0..31df358ea4c 100644
--- a/usage/pom.xml
+++ b/usage/pom.xml
@@ -127,6 +127,24 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <version>2.5.1</version>
+        <executions>
+          <execution>
+            <id>copy-dependencies</id>
+            <phase>package</phase>
+            <goals>
+              <goal>copy-dependencies</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>${project.build.directory}/dependencies</outputDirectory>
+              <includeScope>runtime</includeScope>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
   <profiles>
diff --git a/utils/src/com/cloud/utils/LogUtils.java b/utils/src/com/cloud/utils/LogUtils.java
index 975de831622..19c4c0e3e2e 100644
--- a/utils/src/com/cloud/utils/LogUtils.java
+++ b/utils/src/com/cloud/utils/LogUtils.java
@@ -19,7 +19,6 @@ package com.cloud.utils;
 import java.io.File;
 
 import org.apache.log4j.Logger;
-import org.apache.log4j.PropertyConfigurator;
 import org.apache.log4j.xml.DOMConfigurator;
 
 public class LogUtils {
@@ -36,7 +35,7 @@ public class LogUtils {
 	        file = PropertiesUtil.findConfigFile(nameWithoutExtension + ".properties");
 	        if (file != null) {
 	            s_logger.info("log4j configuration found at " + file.getAbsolutePath());
-	            PropertyConfigurator.configureAndWatch(file.getAbsolutePath());
+	            DOMConfigurator.configureAndWatch(file.getAbsolutePath());
 	        }
 	    }
    }