diff --git a/server/src/com/cloud/api/ApiDispatcher.java b/server/src/com/cloud/api/ApiDispatcher.java
index f785fb544f2..ec0ae60e1d6 100644
--- a/server/src/com/cloud/api/ApiDispatcher.java
+++ b/server/src/com/cloud/api/ApiDispatcher.java
@@ -15,6 +15,7 @@ import org.apache.log4j.Logger;
 import com.cloud.api.BaseCmd.CommandType;
 import com.cloud.configuration.ConfigurationManager;
 import com.cloud.network.NetworkManager;
+import com.cloud.network.security.NetworkGroupManager;
 import com.cloud.server.ManagementServer;
 import com.cloud.storage.StorageManager;
 import com.cloud.utils.DateUtil;
@@ -30,6 +31,7 @@ public class ApiDispatcher {
 
     private ConfigurationManager _configMgr;
     private ManagementServer _mgmtServer;
+    private NetworkGroupManager _networkGroupMgr;
     private NetworkManager _networkMgr;
     private StorageManager _storageMgr;
     private UserVmManager _userVmMgr;
@@ -38,6 +40,7 @@ public class ApiDispatcher {
         ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name);
         _mgmtServer = (ManagementServer)ComponentLocator.getComponent(ManagementServer.Name);
         _configMgr = locator.getManager(ConfigurationManager.class);
+        _networkGroupMgr = locator.getManager(NetworkGroupManager.class);
         _networkMgr = locator.getManager(NetworkManager.class);
         _storageMgr = locator.getManager(StorageManager.class);
         _userVmMgr = locator.getManager(UserVmManager.class);
@@ -86,6 +89,9 @@ public class ApiDispatcher {
         case ConfigManager:
             mgr = _configMgr;
             break;
+        case NetworkGroupManager:
+            mgr = _networkGroupMgr;
+            break;
         case NetworkManager:
             mgr = _networkMgr;
             break;
@@ -115,7 +121,7 @@ public class ApiDispatcher {
         }
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings({"unchecked", "rawtypes"})
     private void setFieldValue(Field field, BaseCmd cmdObj, Object paramObj, Parameter annotation) throws IllegalArgumentException, ParseException {
         try {
             field.setAccessible(true);
diff --git a/server/src/com/cloud/api/BaseCmd.java b/server/src/com/cloud/api/BaseCmd.java
index bb592c34eac..b1579f889ba 100644
--- a/server/src/com/cloud/api/BaseCmd.java
+++ b/server/src/com/cloud/api/BaseCmd.java
@@ -47,8 +47,8 @@ public abstract class BaseCmd {
         BOOLEAN, DATE, FLOAT, INTEGER, LIST, LONG, OBJECT, MAP, STRING, TZDATE
     }
 
-    public enum Manager {
-    	ConfigManager, ManagementServer, NetworkManager, StorageManager, UserVmManager, AccountManager
+    public enum Manager {
+    	ConfigManager, ManagementServer, NetworkGroupManager, NetworkManager, StorageManager, UserVmManager, AccountManager
     }
 
     // FIXME:  Extract these out into a separate file
diff --git a/server/src/com/cloud/api/commands/CreateIPForwardingRuleCmd.java b/server/src/com/cloud/api/commands/CreateIPForwardingRuleCmd.java
index fbd5facb3c1..2114b2979fc 100644
--- a/server/src/com/cloud/api/commands/CreateIPForwardingRuleCmd.java
+++ b/server/src/com/cloud/api/commands/CreateIPForwardingRuleCmd.java
@@ -18,38 +18,21 @@
 
 package com.cloud.api.commands;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
 import org.apache.log4j.Logger;
 
 import com.cloud.api.BaseCmd;
+import com.cloud.api.BaseCmd.Manager;
+import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
-import com.cloud.api.ServerApiException;
-import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.api.response.FirewallRuleResponse;
 import com.cloud.network.FirewallRuleVO;
-import com.cloud.network.IPAddressVO;
-import com.cloud.user.Account;
-import com.cloud.user.User;
-import com.cloud.utils.Pair;
-import com.cloud.vm.UserVmVO;
+import com.cloud.serializer.SerializerHelper;
 
+@Implementation(method="createPortForwardingRule", manager=Manager.NetworkManager)
 public class CreateIPForwardingRuleCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateIPForwardingRuleCmd.class.getName());
 
     private static final String s_name = "createportforwardingruleresponse";
-    private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
-
-    static {
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.IP_ADDRESS, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PRIVATE_PORT, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PROTOCOL, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PUBLIC_PORT, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.VIRTUAL_MACHINE_ID, Boolean.TRUE));
-    }
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -104,85 +87,20 @@ public class CreateIPForwardingRuleCmd extends BaseCmd {
     public String getName() {
         return s_name;
     }
+
     @Override
-    public List<Pair<Enum, Boolean>> getProperties() {
-        return s_properties;
-    }
-
-    @Override
-    public List<Pair<String, Object>> execute(Map<String, Object> params) {
-        Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
-        Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
-        String ipAddress = (String)params.get(BaseCmd.Properties.IP_ADDRESS.getName());
-        String publicPort = (String)params.get(BaseCmd.Properties.PUBLIC_PORT.getName());
-        String privatePort = (String)params.get(BaseCmd.Properties.PRIVATE_PORT.getName());
-        String protocol = (String)params.get(BaseCmd.Properties.PROTOCOL.getName());
-        Long vmId = (Long)params.get(BaseCmd.Properties.VIRTUAL_MACHINE_ID.getName());
-
-        if (userId == null) {
-            userId = Long.valueOf(User.UID_SYSTEM);
-        }
-
-        IPAddressVO ipAddressVO = getManagementServer().findIPAddressById(ipAddress);
-        if (ipAddressVO == null) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find IP address " + ipAddress);
-        }
-
-        UserVmVO userVM = getManagementServer().findUserVMInstanceById(vmId);
-        if (userVM == null) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find virtual machine with id " + vmId);
-        }
-
-        if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) {
-            throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create port forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); 
-        }
-
-        if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) {
-            throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create port forwarding rule, IP address " + ipAddress + " owner is not in the same availability zone as virtual machine " + userVM.toString());
-        }
-
-        // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
-        if (account != null) {
-            if (isAdmin(account.getType())) {
-                Account vmOwner = getManagementServer().findAccountById(userVM.getAccountId());
-                if (!getManagementServer().isChildDomain(account.getDomainId(), vmOwner.getDomainId())) {
-                    throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + vmId + ", permission denied.");
-                }
-            } else if (account.getId().longValue() != userVM.getAccountId()) {
-                throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + vmId + ", permission denied.");
-            }
-        }
-
-        FirewallRuleVO firewallRule = null;
-        
-        try {
-            firewallRule = getManagementServer().createPortForwardingRule(userId.longValue(), ipAddressVO, userVM, publicPort, privatePort, protocol);
-        } catch (NetworkRuleConflictException ex) {
-            throw new ServerApiException(BaseCmd.NET_CONFLICT_IPFW_RULE_ERROR, "Network rule conflict creating a forwarding rule on address:port " + ipAddress + ":" + publicPort + " to virtual machine " + userVM.toString());
-        } catch (IllegalArgumentException argEx) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, argEx.getMessage());
-        }
-
-        if (firewallRule == null) {
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "The port forwarding rule from public port " + publicPort + " to private port " + privatePort + " for address " + ipAddress + " and virtual machine " + userVM.toString() + " already exists.");
-        }
-
-        List<Pair<String, Object>> groupsTags = new ArrayList<Pair<String, Object>>();
-        Object[] forwardingTag = new Object[1];
-
-        List<Pair<String, Object>> ruleData = new ArrayList<Pair<String, Object>>();
-
-        ruleData.add(new Pair<String, Object>(BaseCmd.Properties.ID.getName(), firewallRule.getId().toString()));
-        ruleData.add(new Pair<String, Object>(BaseCmd.Properties.PUBLIC_PORT.getName(), firewallRule.getPublicPort()));
-        ruleData.add(new Pair<String, Object>(BaseCmd.Properties.PRIVATE_PORT.getName(), firewallRule.getPrivatePort()));
-        ruleData.add(new Pair<String, Object>(BaseCmd.Properties.PROTOCOL.getName(), firewallRule.getProtocol()));
-        ruleData.add(new Pair<String, Object>(BaseCmd.Properties.VIRTUAL_MACHINE_NAME.getName(), userVM.getName()));
-        ruleData.add(new Pair<String, Object>(BaseCmd.Properties.VIRTUAL_MACHINE_ID.getName(), Long.toString(userVM.getId())));
-
-        forwardingTag[0] = ruleData;
-
-        Pair<String, Object> eventTag = new Pair<String, Object>("portforwardingrule", forwardingTag);
-        groupsTags.add(eventTag);
-        return groupsTags;
-    }
+    public String getResponse() {
+        FirewallRuleVO fwRule = (FirewallRuleVO)getResponseObject();
+
+        FirewallRuleResponse fwResponse = new FirewallRuleResponse();
+        fwResponse.setId(fwRule.getId());
+        fwResponse.setPrivatePort(fwRule.getPrivatePort());
+        fwResponse.setProtocol(fwRule.getProtocol());
+        fwResponse.setPublicPort(fwRule.getPublicPort());
+        // TODO:  implement
+//      fwResponse.setVirtualMachineId(fwRule.getVirtualMachineId());
+//      fwResponse.setVirtualMachineName(fwRule.getVirtualMachineName());
+
+        return SerializerHelper.toSerializedString(fwResponse);
+    }
 }
diff --git a/server/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/server/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
index 9ad2f2cb902..06f481b6033 100644
--- a/server/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
+++ b/server/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java
@@ -18,44 +18,21 @@
 
 package com.cloud.api.commands;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
 import org.apache.log4j.Logger;
 
 import com.cloud.api.BaseCmd;
+import com.cloud.api.BaseCmd.Manager;
+import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
-import com.cloud.api.ServerApiException;
-import com.cloud.dc.Vlan.VlanType;
-import com.cloud.dc.VlanVO;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.network.IPAddressVO;
+import com.cloud.api.response.LoadBalancerResponse;
 import com.cloud.network.LoadBalancerVO;
-import com.cloud.user.Account;
-import com.cloud.utils.Pair;
-import com.cloud.utils.component.ComponentLocator;
-import com.cloud.vm.UserVmVO;
-import com.cloud.vm.dao.UserVmDao;
+import com.cloud.serializer.SerializerHelper;
 
+@Implementation(method="createLoadBalancerRule", manager=Manager.NetworkManager)
 public class CreateLoadBalancerRuleCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateLoadBalancerRuleCmd.class.getName());
 
     private static final String s_name = "createloadbalancerruleresponse";
-    private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
-    
-    static {
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
-
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ALGORITHM, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.DESCRIPTION, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.NAME, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PRIVATE_PORT, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PUBLIC_IP, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.PUBLIC_PORT, Boolean.TRUE));
-    }
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -115,99 +92,25 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd {
 
     public String getName() {
         return s_name;
-    }
-    public List<Pair<Enum, Boolean>> getProperties() {
-        return s_properties;
-    }
-
+    }
+
     @Override
-    public List<Pair<String, Object>> execute(Map<String, Object> params) {
-        Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
-        Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
-        String name = (String)params.get(BaseCmd.Properties.NAME.getName());
-        String description = (String)params.get(BaseCmd.Properties.DESCRIPTION.getName());
-        String publicIP = (String)params.get(BaseCmd.Properties.PUBLIC_IP.getName());
-        String publicPort = (String)params.get(BaseCmd.Properties.PUBLIC_PORT.getName());
-        String privatePort = (String)params.get(BaseCmd.Properties.PRIVATE_PORT.getName());
-        String algorithm = (String)params.get(BaseCmd.Properties.ALGORITHM.getName());
+    public String getResponse() {
+        LoadBalancerVO responseObj = (LoadBalancerVO)getResponseObject();
 
-        UserVmDao _userVmDao;
-        ComponentLocator locator = ComponentLocator.getLocator("management-server");
-        _userVmDao = locator.getDao(UserVmDao.class);
-        
-        if (userId == null) {
-            userId = Long.valueOf(1);
-        }
+        LoadBalancerResponse response = new LoadBalancerResponse();
+        response.setAlgorithm(responseObj.getAlgorithm());
+        response.setDescription(responseObj.getDescription());
+        response.setId(responseObj.getId());
+        response.setName(responseObj.getName());
+        response.setPrivatePort(responseObj.getPrivatePort());
+        response.setPublicIp(responseObj.getIpAddress());
+        response.setPublicPort(responseObj.getPublicPort());
+        response.setAccountName(responseObj.getAccountName());
+        response.setDomainId(responseObj.getDomainId());
+        // TODO:  implement
+//        response.setDomainName(responseObj.getDomainName());
 
-        IPAddressVO ipAddr = getManagementServer().findIPAddressById(publicIP);
-        if (ipAddr == null) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to create load balancer rule, invalid IP address " + publicIP);
-        }
-
-        VlanVO vlan = getManagementServer().findVlanById(ipAddr.getVlanDbId());
-        if (vlan != null) {
-            if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) {
-                throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to create load balancer rule for IP address " + publicIP + ", only VirtualNetwork type IP addresses can be used for load balancers.");
-            }
-        } // else ERROR?
-
-        // Verify input parameters
-        Account accountByIp = getManagementServer().findAccountByIpAddress(publicIP);
-        if(accountByIp == null) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to create load balancer rule, cannot find account owner for ip " + publicIP);
-        }
-
-        Long accountId = accountByIp.getId();
-        if (account != null) {
-            if (!isAdmin(account.getType())) {
-                if (account.getId().longValue() != accountId.longValue()) {
-                    throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to create load balancer rule, account " + account.getAccountName() + " doesn't own ip address " + publicIP);
-                }
-            } else if (!getManagementServer().isChildDomain(account.getDomainId(), accountByIp.getDomainId())) {
-                throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create load balancer rule on IP address " + publicIP + ", permission denied.");
-            }
-        }
-
-        List<UserVmVO> userVmVO = _userVmDao.listByAccountId(accountId);
-        
-        if(userVmVO.size()==0)
-        {
-        	//this means there are no associated vm's to the user account, and hence, the load balancer cannot be created
-        	throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "Unable to create load balancer rule, no vm for the user exists.");
-        }
-        	
-        LoadBalancerVO existingLB = getManagementServer().findLoadBalancer(accountId, name);
-
-        if (existingLB != null) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to create load balancer rule, an existing load balancer rule with name " + name + " already exisits.");
-        }
-
-        try {
-            LoadBalancerVO loadBalancer = getManagementServer().createLoadBalancer(userId, accountId, name, description, publicIP, publicPort, privatePort, algorithm);
-            List<Pair<String, Object>> embeddedObject = new ArrayList<Pair<String, Object>>();
-            List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ID.getName(), loadBalancer.getId().toString()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.NAME.getName(), loadBalancer.getName()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.DESCRIPTION.getName(), loadBalancer.getDescription()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.PUBLIC_IP.getName(), loadBalancer.getIpAddress()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.PUBLIC_PORT.getName(), loadBalancer.getPublicPort()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.PRIVATE_PORT.getName(), loadBalancer.getPrivatePort()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ALGORITHM.getName(), loadBalancer.getAlgorithm()));
-            
-            Account accountTemp = getManagementServer().findAccountById(loadBalancer.getAccountId());
-            if (accountTemp != null) {
-            	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ACCOUNT.getName(), accountTemp.getAccountName()));
-            	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.DOMAIN_ID.getName(), accountTemp.getDomainId()));
-            	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.DOMAIN.getName(), getManagementServer().findDomainIdById(accountTemp.getDomainId()).getName()));
-            }
-            embeddedObject.add(new Pair<String, Object>("loadbalancerrule", new Object[] { returnValues } ));
-            return embeddedObject;
-        } catch (InvalidParameterValueException paramError) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, paramError.getMessage());
-        } catch (PermissionDeniedException permissionError) {
-            throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, permissionError.getMessage());
-        } catch (Exception ex) {
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage());
-        }
+        return SerializerHelper.toSerializedString(response);
     }
 }
diff --git a/server/src/com/cloud/api/commands/CreateNetworkGroupCmd.java b/server/src/com/cloud/api/commands/CreateNetworkGroupCmd.java
index f5e5cb5ca26..a06682fba33 100644
--- a/server/src/com/cloud/api/commands/CreateNetworkGroupCmd.java
+++ b/server/src/com/cloud/api/commands/CreateNetworkGroupCmd.java
@@ -18,34 +18,21 @@
 
 package com.cloud.api.commands;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
 import org.apache.log4j.Logger;
 
 import com.cloud.api.BaseCmd;
+import com.cloud.api.BaseCmd.Manager;
+import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
-import com.cloud.api.ServerApiException;
+import com.cloud.api.response.NetworkGroupResponse;
 import com.cloud.network.security.NetworkGroupVO;
-import com.cloud.user.Account;
-import com.cloud.utils.Pair;
+import com.cloud.serializer.SerializerHelper;
 
+@Implementation(method="createLoadBalancerRule", manager=Manager.NetworkGroupManager)
 public class CreateNetworkGroupCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreateNetworkGroupCmd.class.getName());
 
     private static final String s_name = "createnetworkgroupresponse";
-    private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
-
-    static {
-        //s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
-
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.DESCRIPTION, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.DOMAIN_ID, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.NAME, Boolean.TRUE));
-    }
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -92,79 +79,20 @@ public class CreateNetworkGroupCmd extends BaseCmd {
     public String getName() {
         return s_name;
     }
-    public List<Pair<Enum, Boolean>> getProperties() {
-        return s_properties;
-    }
 
     @Override
-    public List<Pair<String, Object>> execute(Map<String, Object> params) {
-        Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
-        Long domainId = (Long)params.get(BaseCmd.Properties.DOMAIN_ID.getName());
-        //Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
-        String accountName = (String)params.get(BaseCmd.Properties.ACCOUNT.getName());
-        String name = (String)params.get(BaseCmd.Properties.NAME.getName());
-        String description = (String)params.get(BaseCmd.Properties.DESCRIPTION.getName());
-        Long accountId = null;
+    public String getResponse() {
+        NetworkGroupVO group = (NetworkGroupVO)getResponseObject();
 
-        if (account != null) {
-            if (isAdmin(account.getType())) {
-                if (domainId != null) {
-                    if (!getManagementServer().isChildDomain(account.getDomainId(), domainId)) {
-                        throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create network group in domain " + domainId + ", permission denied.");
-                    }
-                } else {
-                    // the admin must be creating the network group
-                    if (account != null) {
-                        accountId = account.getId();
-                        domainId = account.getDomainId();
-                        accountName = account.getAccountName();
-                    }
-                }
-            } else {
-                accountId = account.getId();
-                domainId = account.getDomainId();
-                accountName = account.getAccountName();
-            }
-        }
+        NetworkGroupResponse response = new NetworkGroupResponse();
+        response.setAccountName(group.getAccountName());
+        response.setDescription(group.getDescription());
+        response.setDomainId(group.getDomainId());
+        // TODO:  implement
+//        response.setDomainName(group.getDomainName());
+        response.setId(group.getId());
+        response.setName(group.getName());
 
-        if (accountId == null) {
-            if ((accountName != null) && (domainId != null)) {
-                Account userAccount = getManagementServer().findActiveAccount(accountName, domainId);
-                if (userAccount != null) {
-                    accountId = userAccount.getId();
-                    accountName = userAccount.getAccountName();
-                } else {
-                    throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "could not find account " + accountName + " in domain " + domainId);
-                }
-            }
-        }
-
-        if (accountId == null) {
-            throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to create network group, no account specified.");
-        }
-
-        boolean isNameInUse = getManagementServer().isNetworkSecurityGroupNameInUse(domainId, accountId, name);
-
-        if (isNameInUse) {
-            throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to create network group, a group with name " + name + " already exisits.");
-        }
-
-        NetworkGroupVO networkGroup = getManagementServer().createNetworkGroup(name, description, domainId, accountId, accountName);
-
-        List<Pair<String, Object>> embeddedObject = new ArrayList<Pair<String, Object>>();
-        
-        List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
-        returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ID.getName(), networkGroup.getId().toString()));
-        returnValues.add(new Pair<String, Object>(BaseCmd.Properties.NAME.getName(), networkGroup.getName()));
-        returnValues.add(new Pair<String, Object>(BaseCmd.Properties.DESCRIPTION.getName(), networkGroup.getDescription()));
-        
-        Account accountTemp = getManagementServer().findAccountById(networkGroup.getAccountId());
-        if (accountTemp != null) {
-        	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ACCOUNT.getName(), accountTemp.getAccountName()));
-        	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.DOMAIN_ID.getName(), accountTemp.getDomainId()));
-        	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.DOMAIN.getName(), getManagementServer().findDomainIdById(accountTemp.getDomainId()).getName()));
-        }
-        embeddedObject.add(new Pair<String, Object>("networkgroup", new Object[] { returnValues } ));
-        return embeddedObject;
+        return SerializerHelper.toSerializedString(response);
     }
 }
diff --git a/server/src/com/cloud/api/commands/CreatePodCmd.java b/server/src/com/cloud/api/commands/CreatePodCmd.java
index ab9e2363069..7b40071fa34 100644
--- a/server/src/com/cloud/api/commands/CreatePodCmd.java
+++ b/server/src/com/cloud/api/commands/CreatePodCmd.java
@@ -18,36 +18,21 @@
 
 package com.cloud.api.commands;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
 import org.apache.log4j.Logger;
 
 import com.cloud.api.BaseCmd;
+import com.cloud.api.BaseCmd.Manager;
+import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
-import com.cloud.api.ServerApiException;
-import com.cloud.dc.DataCenterVO;
+import com.cloud.api.response.PodResponse;
 import com.cloud.dc.HostPodVO;
-import com.cloud.user.User;
-import com.cloud.utils.Pair;
+import com.cloud.serializer.SerializerHelper;
 
+@Implementation(method="createPod", manager=Manager.ConfigManager)
 public class CreatePodCmd extends BaseCmd {
     public static final Logger s_logger = Logger.getLogger(CreatePodCmd.class.getName());
 
     private static final String s_name = "createpodresponse";
-    private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
-
-    static {
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.CIDR, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.END_IP, Boolean.FALSE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.GATEWAY, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.NAME, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.START_IP, Boolean.TRUE));
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ZONE_ID, Boolean.TRUE));
-
-        s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.USER_ID, Boolean.FALSE));
-    }
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -108,57 +93,22 @@ public class CreatePodCmd extends BaseCmd {
     public String getName() {
         return s_name;
     }
-    public List<Pair<Enum, Boolean>> getProperties() {
-        return s_properties;
-    }
 
     @Override
-    public List<Pair<String, Object>> execute(Map<String, Object> params) {
-    	String podName = (String) params.get(BaseCmd.Properties.NAME.getName());
-    	Long zoneId = (Long) params.get(BaseCmd.Properties.ZONE_ID.getName());
-    	String gateway = (String) params.get(BaseCmd.Properties.GATEWAY.getName());
-    	String cidr = (String) params.get(BaseCmd.Properties.CIDR.getName());
-    	String startIp = (String) params.get(BaseCmd.Properties.START_IP.getName());
-    	String endIp = (String) params.get(BaseCmd.Properties.END_IP.getName());
-    	Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
-    	
-    	if (userId == null) {
-            userId = Long.valueOf(User.UID_SYSTEM);
-        }
-    	
-    	//verify input parameters
-    	DataCenterVO zone = getManagementServer().findDataCenterById(zoneId);
-    	if (zone == null) {
-    		throw new ServerApiException(BaseCmd.PARAM_ERROR, "unable to find zone by id " + zoneId);
-    	}
+    public String getResponse() {
+        HostPodVO pod = (HostPodVO)getResponseObject();
 
-    	if (endIp != null && startIp == null) {
-    		throw new ServerApiException(BaseCmd.PARAM_ERROR, "If an end IP is specified, a start IP must be specified.");
-    	}
-    	
-    	HostPodVO pod = null;
-        try {
-             pod = getManagementServer().createPod(userId, podName, zoneId, gateway, cidr, startIp, endIp);
-        } catch (Exception ex) {
-            s_logger.error("Exception creating pod", ex);
-            throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage());
-        }
+        PodResponse response = new PodResponse();
+        response.setId(pod.getId());
+        response.setCidr(pod.getCidrAddress() + "/" + pod.getCidrSize());
+        // TODO: implement
+//        response.setEndIp(pod.getEndIp());
+//      response.setStartIp(pod.getStartIp());
+//      response.setZoneName(pod.getZoneName());
+        response.setGateway(pod.getGateway());
+        response.setName(pod.getName());
+        response.setZoneId(pod.getDataCenterId());
 
-        List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
-        
-        if (pod == null) {
-        	throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create pod; internal error.");
-        } else {
-        	returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ID.getName(), pod.getId()));
-    		returnValues.add(new Pair<String, Object>(BaseCmd.Properties.NAME.getName(), podName));
-    		returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ZONE_ID.getName(), zoneId));
-    		returnValues.add(new Pair<String, Object>(BaseCmd.Properties.ZONE_NAME.getName(), zone.getName()));
-    		returnValues.add(new Pair<String, Object>(BaseCmd.Properties.GATEWAY.getName(), pod.getGateway()));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.CIDR.getName(), cidr));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.START_IP.getName(), startIp));
-            returnValues.add(new Pair<String, Object>(BaseCmd.Properties.END_IP.getName(), endIp != null ? endIp : ""));
-        }
-        
-        return returnValues;
+        return SerializerHelper.toSerializedString(response);
     }
 }
diff --git a/server/src/com/cloud/api/response/FirewallRuleResponse.java b/server/src/com/cloud/api/response/FirewallRuleResponse.java
new file mode 100644
index 00000000000..e906318e108
--- /dev/null
+++ b/server/src/com/cloud/api/response/FirewallRuleResponse.java
@@ -0,0 +1,72 @@
+package com.cloud.api.response;
+
+import com.cloud.api.ResponseObject;
+import com.cloud.serializer.Param;
+
+public class FirewallRuleResponse implements ResponseObject {
+    @Param(name="id")
+    private Long id;
+
+    @Param(name="privateport")
+    private String privatePort;
+
+    @Param(name="protocol")
+    private String protocol;
+
+    @Param(name="publicport")
+    private String publicPort;
+
+    @Param(name="virtualmachineid")
+    private Long virtualMachineId;
+
+    @Param(name="virtualmachinename")
+    private String virtualMachineName;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getPrivatePort() {
+        return privatePort;
+    }
+
+    public void setPrivatePort(String privatePort) {
+        this.privatePort = privatePort;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public String getPublicPort() {
+        return publicPort;
+    }
+
+    public void setPublicPort(String publicPort) {
+        this.publicPort = publicPort;
+    }
+
+    public Long getVirtualMachineId() {
+        return virtualMachineId;
+    }
+
+    public void setVirtualMachineId(Long virtualMachineId) {
+        this.virtualMachineId = virtualMachineId;
+    }
+
+    public String getVirtualMachineName() {
+        return virtualMachineName;
+    }
+
+    public void setVirtualMachineName(String virtualMachineName) {
+        this.virtualMachineName = virtualMachineName;
+    }
+}
diff --git a/server/src/com/cloud/api/response/LoadBalancerResponse.java b/server/src/com/cloud/api/response/LoadBalancerResponse.java
new file mode 100644
index 00000000000..f66eb39b897
--- /dev/null
+++ b/server/src/com/cloud/api/response/LoadBalancerResponse.java
@@ -0,0 +1,116 @@
+package com.cloud.api.response;
+
+import com.cloud.api.ResponseObject;
+import com.cloud.serializer.Param;
+
+public class LoadBalancerResponse implements ResponseObject {
+    @Param(name="id")
+    private Long id;
+
+    @Param(name="name")
+    private String name;
+
+    @Param(name="description")
+    private String description;
+
+    @Param(name="publicip")
+    private String publicIp;
+
+    @Param(name="publicport")
+    private String publicPort;
+
+    @Param(name="privateport")
+    private String privatePort;
+
+    @Param(name="algorithm")
+    private String algorithm;
+
+    @Param(name="account")
+    private String accountName;
+
+    @Param(name="domainid")
+    private Long domainId;
+
+    @Param(name="domain")
+    private String domainName;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getPublicIp() {
+        return publicIp;
+    }
+
+    public void setPublicIp(String publicIp) {
+        this.publicIp = publicIp;
+    }
+
+    public String getPublicPort() {
+        return publicPort;
+    }
+
+    public void setPublicPort(String publicPort) {
+        this.publicPort = publicPort;
+    }
+
+    public String getPrivatePort() {
+        return privatePort;
+    }
+
+    public void setPrivatePort(String privatePort) {
+        this.privatePort = privatePort;
+    }
+
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    public void setAlgorithm(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public void setDomainId(Long domainId) {
+        this.domainId = domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+}
diff --git a/server/src/com/cloud/api/response/NetworkGroupResponse.java b/server/src/com/cloud/api/response/NetworkGroupResponse.java
new file mode 100644
index 00000000000..d6bba965e38
--- /dev/null
+++ b/server/src/com/cloud/api/response/NetworkGroupResponse.java
@@ -0,0 +1,72 @@
+package com.cloud.api.response;
+
+import com.cloud.api.ResponseObject;
+import com.cloud.serializer.Param;
+
+public class NetworkGroupResponse implements ResponseObject {
+    @Param(name="id")
+    private Long id;
+
+    @Param(name="name")
+    private String name;
+
+    @Param(name="description")
+    private String description;
+
+    @Param(name="account")
+    private String accountName;
+
+    @Param(name="domainid")
+    private Long domainId;
+
+    @Param(name="domain")
+    private String domainName;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public String getAccountName() {
+        return accountName;
+    }
+
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public void setDomainId(Long domainId) {
+        this.domainId = domainId;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+}
diff --git a/server/src/com/cloud/api/response/PodResponse.java b/server/src/com/cloud/api/response/PodResponse.java
new file mode 100644
index 00000000000..39ac46c6794
--- /dev/null
+++ b/server/src/com/cloud/api/response/PodResponse.java
@@ -0,0 +1,94 @@
+package com.cloud.api.response;
+
+import com.cloud.api.ResponseObject;
+import com.cloud.serializer.Param;
+
+public class PodResponse implements ResponseObject {
+    @Param(name="id")
+    private Long id;
+
+    @Param(name="name")
+    private String name;
+
+    @Param(name="zoneid")
+    private Long zoneId;
+
+    @Param(name="zonename")
+    private String zoneName;
+
+    @Param(name="gateway")
+    private String gateway;
+
+    @Param(name="cidr")
+    private String cidr;
+
+    @Param(name="startip")
+    private String startIp;
+
+    @Param(name="endIp")
+    private String endIp;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public Long getZoneId() {
+        return zoneId;
+    }
+
+    public void setZoneId(Long zoneId) {
+        this.zoneId = zoneId;
+    }
+
+    public String getZoneName() {
+        return zoneName;
+    }
+
+    public void setZoneName(String zoneName) {
+        this.zoneName = zoneName;
+    }
+
+    public String getGateway() {
+        return gateway;
+    }
+
+    public void setGateway(String gateway) {
+        this.gateway = gateway;
+    }
+
+    public String getCidr() {
+        return cidr;
+    }
+
+    public void setCidr(String cidr) {
+        this.cidr = cidr;
+    }
+
+    public String getStartIp() {
+        return startIp;
+    }
+
+    public void setStartIp(String startIp) {
+        this.startIp = startIp;
+    }
+
+    public String getEndIp() {
+        return endIp;
+    }
+
+    public void setEndIp(String endIp) {
+        this.endIp = endIp;
+    }
+}
diff --git a/server/src/com/cloud/configuration/ConfigurationManager.java b/server/src/com/cloud/configuration/ConfigurationManager.java
index 925a642248d..892b7a07a2f 100644
--- a/server/src/com/cloud/configuration/ConfigurationManager.java
+++ b/server/src/com/cloud/configuration/ConfigurationManager.java
@@ -21,6 +21,7 @@ import java.util.List;
 
 import com.cloud.api.commands.AddConfigCmd;
 import com.cloud.api.commands.CreateDiskOfferingCmd;
+import com.cloud.api.commands.CreatePodCmd;
 import com.cloud.api.commands.DeleteDiskOfferingCmd;
 import com.cloud.api.commands.DeletePodCmd;
 import com.cloud.api.commands.UpdateCfgCmd;
@@ -140,7 +141,16 @@ public interface ConfigurationManager extends Manager {
 	 * @return Pod
 	 */
 	HostPodVO createPod(long userId, String podName, long zoneId, String gateway, String cidr, String startIp, String endIp) throws InvalidParameterValueException, InternalErrorException;
-	
+
+	/**
+	 * Creates a new pod based on the parameters specified in the command object
+	 * @param cmd the command object that specifies the name, zone, gateway, cidr, and ip range for the pod
+	 * @return the new pod if successful, null otherwise
+	 * @throws InvalidParameterValueException
+	 * @throws InternalErrorException
+	 */
+	HostPodVO createPod(CreatePodCmd cmd) throws InvalidParameterValueException, InternalErrorException;
+
 	/**
      * Edits a pod in the database. Will not allow you to edit pods that are being used anywhere in the system.
      * @param userId
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index d286a89354f..b81bba854bf 100644
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -35,6 +35,7 @@ import com.cloud.api.BaseCmd;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.commands.AddConfigCmd;
 import com.cloud.api.commands.CreateDiskOfferingCmd;
+import com.cloud.api.commands.CreatePodCmd;
 import com.cloud.api.commands.DeleteDiskOfferingCmd;
 import com.cloud.api.commands.DeletePodCmd;
 import com.cloud.api.commands.UpdateCfgCmd;
@@ -508,8 +509,35 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
 		
 		return pod;
     }
-    
-    @DB
+
+    @Override
+    public HostPodVO createPod(CreatePodCmd cmd) throws InvalidParameterValueException, InternalErrorException {
+        String cidr = cmd.getCidr();
+        String endIp = cmd.getEndIp();
+        String gateway = cmd.getGateway();
+        String name = cmd.getPodName();
+        String startIp = cmd.getStartIp();
+        Long zoneId = cmd.getZoneId();
+
+        //verify input parameters
+        DataCenterVO zone = _zoneDao.findById(zoneId);
+        if (zone == null) {
+            throw new InvalidParameterValueException("Failed to create pod " + name + " -- unable to find zone " + zoneId);
+        }
+
+        if (endIp != null && startIp == null) {
+            throw new InvalidParameterValueException("Failed to create pod " + name + " -- if an end IP is specified, a start IP must be specified.");
+        }
+
+        Long userId = UserContext.current().getUserId();
+        if (userId == null) {
+            userId = Long.valueOf(User.UID_SYSTEM);
+        }
+
+        return createPod(userId.longValue(), name, zoneId, gateway, cidr, startIp, endIp);
+    }
+
+    @Override @DB
     public HostPodVO createPod(long userId, String podName, long zoneId, String gateway, String cidr, String startIp, String endIp) throws InvalidParameterValueException, InternalErrorException {
     	checkPodAttributes(-1, podName, zoneId, gateway, cidr, startIp, endIp, true);
 		
@@ -786,7 +814,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
     	}
     	
     	//5. Reached here, hence editable   	
-    	DataCenterVO zoneHandle = _zoneDao.findById(zoneId);
     	String oldZoneName = zone.getName();
     	
     	if (zoneName == null) {
@@ -1067,8 +1094,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
     	}
     }
 
-
-    
     public String changePrivateIPRange(boolean add, long podId, String startIP, String endIP) throws InvalidParameterValueException {
     	checkPrivateIpRangeErrors(podId, startIP, endIP);
     	
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index 0a91c8220b6..864ef68083a 100644
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -21,6 +21,8 @@ import java.util.List;
 import java.util.Map;
 
 import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
+import com.cloud.api.commands.CreateIPForwardingRuleCmd;
+import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
 import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.HostPodVO;
 import com.cloud.dc.VlanVO;
@@ -162,7 +164,21 @@ public interface NetworkManager extends Manager {
      * @return list of rules successfully updated
      */
     public List<FirewallRuleVO> updateFirewallRules(String publicIpAddress, List<FirewallRuleVO> fwRules, DomainRouterVO router);
-    
+
+    /**
+     * Create a port forwarding rule from the given ipAddress/port to the given virtual machine/port.
+     * @param cmd the command specifying the ip address, public port, protocol, private port, and virtual machine id.
+     * @return the newly created FirewallRuleVO if successful, null otherwise.
+     */
+    public FirewallRuleVO createPortForwardingRule(CreateIPForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException;
+
+    /**
+     * Create a load balancer rule from the given ipAddress/port to the given private port
+     * @param cmd the command specifying the ip address, public port, protocol, private port, and algorithm
+     * @return the newly created LoadBalancerVO if successful, null otherwise
+     */
+    public LoadBalancerVO createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException;
+
     /**
      * Associates or disassociates a list of public IP address for a router.
      * @param router router object to send the association to
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index b18e55cdb94..330515f34a5 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -18,6 +18,7 @@
 package com.cloud.network;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -56,6 +57,8 @@ import com.cloud.agent.api.routing.SetFirewallRuleCommand;
 import com.cloud.agent.api.routing.VmDataCommand;
 import com.cloud.alert.AlertManager;
 import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
+import com.cloud.api.commands.CreateIPForwardingRuleCmd;
+import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
 import com.cloud.async.AsyncJobExecutor;
 import com.cloud.async.AsyncJobManager;
 import com.cloud.async.AsyncJobVO;
@@ -100,6 +103,7 @@ import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.LoadBalancerVMMapDao;
+import com.cloud.network.dao.SecurityGroupDao;
 import com.cloud.network.dao.SecurityGroupVMMapDao;
 import com.cloud.offering.ServiceOffering.GuestIpType;
 import com.cloud.service.ServiceOfferingVO;
@@ -186,6 +190,7 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
     @Inject ConfigurationManager _configMgr;
     @Inject AsyncJobManager _asyncMgr;
     @Inject StoragePoolDao _storagePoolDao = null;
+    @Inject SecurityGroupDao _securityGroupDao = null;
     @Inject ServiceOfferingDao _serviceOfferingDao = null;
     @Inject UserStatisticsDao _statsDao;
 
@@ -1359,9 +1364,11 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
         if (answers.length != ipAddrList.size()) {
             return false;
         }
-        
-        for (int i1=0; i1 < answers.length; i1++) {
-            Answer ans = answers[i1];
+
+        // FIXME:  this used to be a loop for all answers, but then we always returned the
+        //         first one in the array, so what should really be done here?
+        if (answers.length > 0) {
+            Answer ans = answers[0];
             return ans.getResult();
         }
 
@@ -1534,6 +1541,121 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
         return result;
     }
 
+    @Override
+    public FirewallRuleVO createPortForwardingRule(CreateIPForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException {
+        // validate IP Address exists
+        IPAddressVO ipAddress = _ipAddressDao.findById(cmd.getIpAddress());
+        if (ipAddress == null) {
+            throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid IP address specified.");
+        }
+
+        // validate user VM exists
+        UserVmVO userVM = _vmDao.findById(cmd.getVirtualMachineId());
+        if (userVM == null) {
+            throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + cmd.getVirtualMachineId() + ").");
+        }
+
+        // validate that IP address and userVM belong to the same account
+        if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) {
+            throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); 
+        }
+
+        // validate that userVM is in the same availability zone as the IP address
+        if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) {
+            throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString());
+        }
+
+        // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters
+        Account account = (Account)UserContext.current().getAccountObject();
+        if (account != null) {
+            if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
+                if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) {
+                    throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied.");
+                }
+            } else if (account.getId().longValue() != userVM.getAccountId()) {
+                throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied.");
+            }
+        }
+
+        // set up some local variables
+        String protocol = cmd.getProtocol();
+        String publicPort = cmd.getPublicPort();
+        String privatePort = cmd.getPrivatePort();
+
+        // sanity check that the vm can be applied to the load balancer
+        ServiceOfferingVO offering = _serviceOfferingDao.findById(userVM.getServiceOfferingId());
+        if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) {
+            if (s_logger.isDebugEnabled()) {
+                s_logger.debug("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
+            }
+
+            throw new IllegalArgumentException("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")");
+        }
+
+        // check for ip address/port conflicts by checking existing forwarding and load balancing rules
+        List<FirewallRuleVO> existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress.getAddress());
+        Map<String, Pair<String, String>> mappedPublicPorts = new HashMap<String, Pair<String, String>>();
+
+        if (existingRulesOnPubIp != null) {
+            for (FirewallRuleVO fwRule : existingRulesOnPubIp) {
+                mappedPublicPorts.put(fwRule.getPublicPort(), new Pair<String, String>(fwRule.getPrivateIpAddress(), fwRule.getPrivatePort()));
+            }
+        }
+
+        Pair<String, String> privateIpPort = mappedPublicPorts.get(publicPort);
+        if (privateIpPort != null) {
+            if (privateIpPort.first().equals(userVM.getGuestIpAddress()) && privateIpPort.second().equals(privatePort)) {
+                if (s_logger.isDebugEnabled()) {
+                    s_logger.debug("skipping the creating of firewall rule " + ipAddress + ":" + publicPort + " to " + userVM.getGuestIpAddress() + ":" + privatePort + "; rule already exists.");
+                }
+                return null; // already mapped
+            } else {
+                // FIXME:  Will we need to refactor this for both assign port forwarding service and create port forwarding rule?
+//                throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort
+//                        + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + ((securityGroupId == null) ? "." : " from port forwarding service "
+//                        + securityGroupId.toString() + "."));
+                throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort
+                        + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + ".");
+            }
+        }
+
+        FirewallRuleVO newFwRule = new FirewallRuleVO();
+        newFwRule.setEnabled(true);
+        newFwRule.setForwarding(true);
+        newFwRule.setPrivatePort(privatePort);
+        newFwRule.setProtocol(protocol);
+        newFwRule.setPublicPort(publicPort);
+        newFwRule.setPublicIpAddress(ipAddress.getAddress());
+        newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress());
+//        newFwRule.setGroupId(securityGroupId);
+        newFwRule.setGroupId(null);
+
+        // In 1.0 the rules were always persisted when a user created a rule.  When the rules get sent down
+        // the stopOnError parameter is set to false, so the agent will apply all rules that it can.  That
+        // behavior is preserved here by persisting the rule before sending it to the agent.
+        _rulesDao.persist(newFwRule);
+
+        boolean success = updateFirewallRule(newFwRule, null, null);
+
+        // Save and create the event
+        String description;
+        String ruleName = "ip forwarding";
+        String level = EventVO.LEVEL_INFO;
+
+        if (success == true) {
+            description = "created new " + ruleName + " rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->["
+                    + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol();
+        } else {
+            level = EventVO.LEVEL_ERROR;
+            description = "failed to create new " + ruleName + " rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->["
+                    + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol();
+        }
+
+        EventUtils.saveEvent(UserContext.current().getUserId(), userVM.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description);
+
+        return newFwRule;
+    }
+
     @Override
     public void assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd)  throws NetworkRuleConflictException, InternalErrorException,
                                                                               PermissionDeniedException, InvalidParameterValueException {
@@ -1764,6 +1886,121 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
         }
     }
 
+    @Override
+    public LoadBalancerVO createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException {
+        String publicIp = cmd.getPublicIp();
+
+        // make sure ip address exists
+        IPAddressVO ipAddr = _ipAddressDao.findById(cmd.getPublicIp());
+        if (ipAddr == null) {
+            throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + publicIp);
+        }
+
+        VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId());
+        if (vlan != null) {
+            if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) {
+                throw new InvalidParameterValueException("Unable to create load balancer rule for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for load balancers.");
+            }
+        } // else ERROR?
+
+        // Verify input parameters
+        if ((ipAddr.getAccountId() == null) || (ipAddr.getAllocated() == null)) {
+            throw new InvalidParameterValueException("Unable to create load balancer rule, cannot find account owner for ip " + publicIp);
+        }
+
+        Account account = (Account)UserContext.current().getAccountObject();
+        if (account != null) {
+            if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
+                if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) {
+                    throw new PermissionDeniedException("Unable to create load balancer rule on IP address " + publicIp + ", permission denied.");
+                }
+            } else if (account.getId().longValue() != ipAddr.getAccountId().longValue()) {
+                throw new PermissionDeniedException("Unable to create load balancer rule, account " + account.getAccountName() + " doesn't own ip address " + publicIp);
+            }
+        }
+
+        String loadBalancerName = cmd.getLoadBalancerRuleName();
+        LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(ipAddr.getAccountId(), loadBalancerName);
+        if (existingLB != null) {
+            throw new InvalidParameterValueException("Unable to create load balancer rule, an existing load balancer rule with name " + loadBalancerName + " already exists.");
+        }
+
+        // validate params
+        String publicPort = cmd.getPublicPort();
+        String privatePort = cmd.getPrivatePort();
+        String algorithm = cmd.getAlgorithm();
+
+        if (!NetUtils.isValidPort(publicPort)) {
+            throw new InvalidParameterValueException("publicPort is an invalid value");
+        }
+        if (!NetUtils.isValidPort(privatePort)) {
+            throw new InvalidParameterValueException("privatePort is an invalid value");
+        }
+        if ((algorithm == null) || !NetUtils.isValidAlgorithm(algorithm)) {
+            throw new InvalidParameterValueException("Invalid algorithm");
+        }
+
+        boolean locked = false;
+        try {
+            LoadBalancerVO exitingLB = _loadBalancerDao.findByIpAddressAndPublicPort(publicIp, publicPort);
+            if (exitingLB != null) {
+                throw new InvalidParameterValueException("IP Address/public port already load balanced by an existing load balancer rule");
+            }
+
+            List<FirewallRuleVO> existingFwRules = _rulesDao.listIPForwarding(publicIp, publicPort, true);
+            if ((existingFwRules != null) && !existingFwRules.isEmpty()) {
+                FirewallRuleVO existingFwRule = existingFwRules.get(0);
+                String securityGroupName = null;
+                if (existingFwRule.getGroupId() != null) {
+                    long groupId = existingFwRule.getGroupId();
+                    SecurityGroupVO securityGroup = _securityGroupDao.findById(groupId);
+                    securityGroupName = securityGroup.getName();
+                }
+                throw new InvalidParameterValueException("IP Address (" + publicIp + ") and port (" + publicPort + ") already in use" +
+                        ((securityGroupName == null) ? "" : " by port forwarding service " + securityGroupName));
+            }
+
+            ipAddr = _ipAddressDao.acquire(publicIp);
+            if (ipAddr == null) {
+                throw new PermissionDeniedException("User does not own ip address " + publicIp);
+            }
+
+            locked = true;
+
+            LoadBalancerVO loadBalancer = new LoadBalancerVO(loadBalancerName, cmd.getDescription(), ipAddr.getAccountId(), publicIp, publicPort, privatePort, algorithm);
+            loadBalancer = _loadBalancerDao.persist(loadBalancer);
+            Long id = loadBalancer.getId();
+
+            // Save off information for the event that the security group was applied
+            Long userId = UserContext.current().getUserId();
+            if (userId == null) {
+                userId = Long.valueOf(User.UID_SYSTEM);
+            }
+
+            EventVO event = new EventVO();
+            event.setUserId(userId);
+            event.setAccountId(ipAddr.getAccountId());
+            event.setType(EventTypes.EVENT_LOAD_BALANCER_CREATE);
+
+            if (id == null) {
+                event.setDescription("Failed to create load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]");
+                event.setLevel(EventVO.LEVEL_ERROR);
+            } else {
+                event.setDescription("Successfully created load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]");
+                String params = "id="+loadBalancer.getId()+"\ndcId="+ipAddr.getDataCenterId();
+                event.setParameters(params);
+                event.setLevel(EventVO.LEVEL_INFO);
+            }
+            _eventDao.persist(event);
+
+            return _loadBalancerDao.findById(id);
+        } finally {
+            if (locked) {
+                _ipAddressDao.release(publicIp);
+            }
+        }
+    }
+
     @Override @DB
     public boolean releasePublicIpAddress(long userId, final String ipAddress) {
         IPAddressVO ip = null;
diff --git a/server/src/com/cloud/network/security/NetworkGroupManager.java b/server/src/com/cloud/network/security/NetworkGroupManager.java
index 75f02e0b824..9eaf5506153 100644
--- a/server/src/com/cloud/network/security/NetworkGroupManager.java
+++ b/server/src/com/cloud/network/security/NetworkGroupManager.java
@@ -20,6 +20,8 @@ package com.cloud.network.security;
 import java.util.HashMap;
 import java.util.List;
 
+import com.cloud.api.commands.CreateNetworkGroupCmd;
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
 import com.cloud.server.Criteria;
@@ -45,6 +47,13 @@ public interface NetworkGroupManager extends Manager {
 			String [] cidrList, List<NetworkGroupVO> authorizedGroups);
 	
 	public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName);
+
+	/**
+	 * Create a network group with the given name and description
+	 * @param command the command specifying the name and description
+	 * @return the created network group if successful, null otherwise
+	 */
+	public NetworkGroupVO createNetworkGroup(CreateNetworkGroupCmd command) throws PermissionDeniedException, InvalidParameterValueException;
 	
 	public NetworkGroupVO createDefaultNetworkGroup( Long accountId);
 	
diff --git a/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java b/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java
index 96ad145c1b6..f8b279f9ff2 100644
--- a/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/NetworkGroupManagerImpl.java
@@ -41,10 +41,12 @@ import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.Command;
 import com.cloud.agent.api.NetworkIngressRulesCmd;
 import com.cloud.agent.api.NetworkIngressRulesCmd.IpPortAndProto;
+import com.cloud.api.commands.CreateNetworkGroupCmd;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.exception.AgentUnavailableException;
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
 import com.cloud.network.security.NetworkGroupWorkVO.Step;
@@ -58,6 +60,7 @@ import com.cloud.server.Criteria;
 import com.cloud.server.ManagementServer;
 import com.cloud.user.Account;
 import com.cloud.user.AccountVO;
+import com.cloud.user.UserContext;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.Pair;
@@ -537,7 +540,66 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager {
 		}
 		
 	}
-	
+
+	@Override
+    public NetworkGroupVO createNetworkGroup(CreateNetworkGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException {
+        if (!_enabled) {
+            return null;
+        }
+
+        String accountName = cmd.getAccountName();
+	    Long domainId = cmd.getDomainId();
+	    Long accountId = null;
+
+	    Account account = (Account)UserContext.current().getAccountObject();
+        if (account != null) {
+            if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) {
+                if ((domainId != null) && (accountName != null)) {
+                    if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
+                        throw new PermissionDeniedException("Unable to create network group in domain " + domainId + ", permission denied.");
+                    }
+
+                    Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
+                    if (userAccount == null) {
+                        throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName());
+                    }
+
+                    accountId = userAccount.getId();
+                } else {
+                    // the admin must be creating a network group for himself/herself
+                    if (account != null) {
+                        accountId = account.getId();
+                        domainId = account.getDomainId();
+                        accountName = account.getAccountName();
+                    }
+                }
+            } else {
+                accountId = account.getId();
+                domainId = account.getDomainId();
+                accountName = account.getAccountName();
+            }
+        }
+
+        // if no account exists in the context, it's a system level command, look up the account
+        if (accountId == null) {
+            if ((accountName != null) && (domainId != null)) {
+                Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
+                if (userAccount != null) {
+                    accountId = userAccount.getId();
+                } else {
+                    throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", failed to create network group " + cmd.getNetworkGroupName());
+                }
+            } else {
+                throw new InvalidParameterValueException("Missing account information (account: " + accountName + ", domain: " + domainId + "), failed to create network group " + cmd.getNetworkGroupName());
+            }
+        }
+
+        if (_networkGroupDao.isNameInUse(accountId, domainId, cmd.getNetworkGroupName())) {
+            throw new InvalidParameterValueException("Unable to create network group, a group with name " + cmd.getNetworkGroupName() + " already exisits.");
+        }
+
+        return createNetworkGroup(cmd.getNetworkGroupName(), cmd.getDescription(), domainId, accountId, accountName);
+	}
 
 	@DB
 	@Override
@@ -629,8 +691,9 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager {
 	
 	@DB
 	public void work() {
-
-		s_logger.trace("Checking the database");
+	    if (s_logger.isTraceEnabled()) {
+	        s_logger.trace("Checking the database");
+	    }
 		final NetworkGroupWorkVO work = _workDao.take(_serverId);
 		if (work == null) {
 			return;
@@ -800,7 +863,7 @@ public class NetworkGroupManagerImpl implements NetworkGroupManager {
             if (networkGroup != null) {
                 sc.setParameters("name", networkGroup);
             } else if (keyword != null) {
-                SearchCriteria ssc = _networkGroupRulesDao.createSearchCriteria();
+                SearchCriteria<NetworkGroupRulesVO> ssc = _networkGroupRulesDao.createSearchCriteria();
                 ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%");
                 ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%");
                 sc.addAnd("name", SearchCriteria.Op.SC, ssc);
diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java
index c4ed23d0130..724665aeb5a 100644
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
@@ -993,19 +993,6 @@ public interface ManagementServer {
      */
 //    ServiceOfferingVO updateServiceOffering(long userId, long serviceOfferingId, String name, String displayText, Boolean offerHA, Boolean useVirtualNetwork, String tags);
     
-    /**
-     * Adds a new pod to the database
-     * @param userId
-     * @param podName
-     * @param zoneId
-     * @param gateway
-     * @param cidr
-     * @param startIp
-     * @param endIp
-     * @return Pod
-     */
-    HostPodVO createPod(long userId, String podName, Long zoneId, String gateway, String cidr, String startIp, String endIp) throws InvalidParameterValueException, InternalErrorException;
-    
     /**
      * Edits a pod in the database
      * @param userId
@@ -1265,18 +1252,6 @@ public interface ManagementServer {
      */
     List<FirewallRuleVO> listIPForwarding(String publicIPAddress, boolean forwarding);
 
-    /**
-     * Create a single port forwarding rule from the given ip address and port to the vm's guest IP address and private port with the given protocol.
-     * @param userId the id of the user performing the action (could be an admin's ID if performing on behalf of a user)
-     * @param ipAddressVO
-     * @param userVM
-     * @param publicPort
-     * @param privatePort
-     * @param protocol
-     * @return
-     */
-    FirewallRuleVO createPortForwardingRule(long userId, IPAddressVO ipAddressVO, UserVmVO userVM, String publicPort, String privatePort, String protocol) throws NetworkRuleConflictException;
-
     /**
      * Update an existing port forwarding rule on the given public IP / public port for the given protocol
      * @param userId id of the user performing the action
@@ -1931,7 +1906,6 @@ public interface ManagementServer {
     LoadBalancerVO findLoadBalancerById(long loadBalancerId);
     List<UserVmVO> listLoadBalancerInstances(long loadBalancerId, boolean applied);
     List<LoadBalancerVO> searchForLoadBalancers(Criteria c);
-    LoadBalancerVO createLoadBalancer(Long userId, Long accountId, String name, String description, String ipAddress, String publicPort, String privatePort, String algorithm) throws InvalidParameterValueException, PermissionDeniedException;
     boolean deleteLoadBalancer(long userId, long loadBalancerId);
     long deleteLoadBalancerAsync(long userId, long loadBalancerId);
 
@@ -2045,16 +2019,6 @@ public interface ManagementServer {
 	 */
     ArrayList<String> getCloudIdentifierResponse(GetCloudIdentifierCmd cmd) throws InvalidParameterValueException;
     
-    /**
-     * check if a network security group name in the given account/domain is in use
-     *      - if accountId is specified, look only for the account
-     *      - otherwise look for the name in domain-level security groups (accountId is null)
-     * @param domainId id of the domain in which to search for security groups
-     * @param accountId id of the account in which to search for security groups
-     * @param name name of the security group to look for
-     * @return true if the security group name is found, false otherwise
-     */
-    boolean isNetworkSecurityGroupNameInUse(Long domainId, Long accountId, String name);
     NetworkGroupVO findNetworkGroupByName(Long accountId, String groupName);
 
     /**
@@ -2093,8 +2057,6 @@ public interface ManagementServer {
 	long revokeNetworkGroupIngressAsync(Long accountId, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List<NetworkGroupVO> authorizedGroups);
 	boolean revokeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List<NetworkGroupVO> authorizedGroups);
 
-	NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName);
-
 	/**
 	 * Delete an empty network group.  If the group is not empty an error is returned.
 	 * @param groupId
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 94d14d6a013..fb04633da59 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -4313,37 +4313,11 @@ public class ManagementServerImpl implements ManagementServer {
         return _configMgr.createServiceOffering(userId, name, cpu, ramSize, speed, displayText, localStorageRequired, offerHA, useVirtualNetwork, tags);
     }
     
-//    @Override
-//    public ServiceOfferingVO updateServiceOffering(long userId, long serviceOfferingId, String name, String displayText, Boolean offerHA, Boolean useVirtualNetwork, String tags) {
-//    	return _configMgr.updateServiceOffering(userId, serviceOfferingId, name, displayText, offerHA, useVirtualNetwork, tags);
-//    }
-    
-
-    @Override
-    public HostPodVO createPod(long userId, String podName, Long zoneId, String gateway, String cidr, String startIp, String endIp) throws InvalidParameterValueException, InternalErrorException {
-        return _configMgr.createPod(userId, podName, zoneId, gateway, cidr, startIp, endIp);
-    }
-
-//    @Override
-//    public HostPodVO editPod(long userId, long podId, String newPodName, String gateway, String cidr, String startIp, String endIp) throws InvalidParameterValueException, InternalErrorException {
-//        return _configMgr.editPod(userId, podId, newPodName, gateway, cidr, startIp, endIp);
-//    }
-
-//    @Override
-//    public void deletePod(long userId, long podId) throws InvalidParameterValueException, InternalErrorException {
-//        _configMgr.deletePod(userId, podId);
-//    }
-
     @Override
     public DataCenterVO createZone(long userId, String zoneName, String dns1, String dns2, String internalDns1, String internalDns2, String vnetRange,String guestCidr) throws InvalidParameterValueException, InternalErrorException {
         return _configMgr.createZone(userId, zoneName, dns1, dns2, internalDns1, internalDns2, vnetRange, guestCidr);
     }
 
-//    @Override
-//    public DataCenterVO editZone(long userId, Long zoneId, String newZoneName, String dns1, String dns2, String dns3, String dns4, String vnetRange, String guestCidr) throws InvalidParameterValueException, InternalErrorException {
-//        return _configMgr.editZone(userId, zoneId, newZoneName, dns1, dns2, dns3, dns4, vnetRange, guestCidr);
-//    }
-
     @Override
     public void deleteZone(long userId, Long zoneId) throws InvalidParameterValueException, InternalErrorException {
         _configMgr.deleteZone(userId, zoneId);
@@ -5050,11 +5024,6 @@ public class ManagementServerImpl implements ManagementServer {
         return _firewallRulesDao.listIPForwarding(publicIPAddress, forwarding);
     }
 
-    @Override
-    public FirewallRuleVO createPortForwardingRule(long userId, IPAddressVO ipAddressVO, UserVmVO userVM, String publicPort, String privatePort, String protocol) throws NetworkRuleConflictException {
-        return createFirewallRule(userId, ipAddressVO.getAddress(), userVM, publicPort, privatePort, protocol, null);
-    }
-
     @Override
     public FirewallRuleVO updatePortForwardingRule(long userId, String publicIp, String privateIp, String publicPort, String privatePort, String protocol) {
         List<FirewallRuleVO> fwRules = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, protocol);
@@ -7119,86 +7088,6 @@ public class ManagementServerImpl implements ManagementServer {
         return _loadBalancerDao.findById(Long.valueOf(loadBalancerId));
     }
 
-    @Override
-    @DB
-    public LoadBalancerVO createLoadBalancer(Long userId, Long accountId, String name, String description, String ipAddress, String publicPort, String privatePort, String algorithm)
-            throws InvalidParameterValueException, PermissionDeniedException {
-        if (accountId == null) {
-            throw new InvalidParameterValueException("accountId not specified");
-        }
-        if (!NetUtils.isValidIp(ipAddress)) {
-            throw new InvalidParameterValueException("invalid ip address");
-        }
-        if (!NetUtils.isValidPort(publicPort)) {
-            throw new InvalidParameterValueException("publicPort is an invalid value");
-        }
-        if (!NetUtils.isValidPort(privatePort)) {
-            throw new InvalidParameterValueException("privatePort is an invalid value");
-        }
-        if ((algorithm == null) || !NetUtils.isValidAlgorithm(algorithm)) {
-            throw new InvalidParameterValueException("Invalid algorithm");
-        }
-
-        boolean locked = false;
-        try {
-            LoadBalancerVO exitingLB = _loadBalancerDao.findByIpAddressAndPublicPort(ipAddress, publicPort);
-            if (exitingLB != null) {
-                throw new InvalidParameterValueException("IP Address/public port already load balanced by an existing load balancer rule");
-            }
-
-            List<FirewallRuleVO> existingFwRules = _firewallRulesDao.listIPForwarding(ipAddress, publicPort, true);
-            if ((existingFwRules != null) && !existingFwRules.isEmpty()) {
-                FirewallRuleVO existingFwRule = existingFwRules.get(0);
-                String securityGroupName = null;
-                if (existingFwRule.getGroupId() != null) {
-                    long groupId = existingFwRule.getGroupId();
-                    SecurityGroupVO securityGroup = _securityGroupDao.findById(groupId);
-                    securityGroupName = securityGroup.getName();
-                }
-                throw new InvalidParameterValueException("IP Address (" + ipAddress + ") and port (" + publicPort + ") already in use" +
-                        ((securityGroupName == null) ? "" : " by port forwarding service " + securityGroupName));
-            }
-
-            IPAddressVO addr = _publicIpAddressDao.acquire(ipAddress);
-
-            if (addr == null) {
-                throw new PermissionDeniedException("User does not own ip address " + ipAddress);
-            }
-
-            locked = true;
-            if ((addr.getAllocated() == null) || !accountId.equals(addr.getAccountId())) {
-                throw new PermissionDeniedException("User does not own ip address " + ipAddress);
-            }
-
-            LoadBalancerVO loadBalancer = new LoadBalancerVO(name, description, accountId.longValue(), ipAddress, publicPort, privatePort, algorithm);
-            loadBalancer = _loadBalancerDao.persist(loadBalancer);
-            Long id = loadBalancer.getId();
-
-            // Save off information for the event that the security group was applied
-            EventVO event = new EventVO();
-            event.setUserId(userId);
-            event.setAccountId(accountId);
-            event.setType(EventTypes.EVENT_LOAD_BALANCER_CREATE);
-
-            if (id == null) {
-                event.setDescription("Failed to create load balancer " + loadBalancer.getName() + " on ip address " + ipAddress + "[" + publicPort + "->" + privatePort + "]");
-                event.setLevel(EventVO.LEVEL_ERROR);
-            } else {
-                event.setDescription("Successfully created load balancer " + loadBalancer.getName() + " on ip address " + ipAddress + "[" + publicPort + "->" + privatePort + "]");
-                String params = "id="+loadBalancer.getId()+"\ndcId="+addr.getDataCenterId();
-                event.setParameters(params);
-                event.setLevel(EventVO.LEVEL_INFO);
-            }
-            _eventDao.persist(event);
-
-            return _loadBalancerDao.findById(id);
-        } finally {
-            if (locked) {
-                _publicIpAddressDao.release(ipAddress);
-            }
-        }
-    }
-
     /*
     @Override @DB
     public long assignToLoadBalancerAsync(long userId, long loadBalancerId, List<Long> instanceIds, Map<String, String> params) {
@@ -8181,15 +8070,6 @@ public class ManagementServerImpl implements ManagementServer {
         return groupVO;
     }
 
-	@Override
-	public boolean isNetworkSecurityGroupNameInUse(Long domainId, Long accountId, String name) {
-		if (domainId == null) {
-            domainId = DomainVO.ROOT_DOMAIN;
-        }
-		_networkGroupMgr.createDefaultNetworkGroup(accountId);
-        return _networkSecurityGroupDao.isNameInUse(accountId, domainId, name);
-	}
-
 	@Override
 	public List<IngressRuleVO> authorizeNetworkGroupIngress(AccountVO account, String groupName, String protocol, int startPort, int endPort, String [] cidrList, List<NetworkGroupVO> authorizedGroups) {
 		return _networkGroupMgr.authorizeNetworkGroupIngress(account, groupName, protocol, startPort, endPort, cidrList, authorizedGroups);
@@ -8237,11 +8117,6 @@ public class ManagementServerImpl implements ManagementServer {
         return _asyncMgr.submitAsyncJob(job);
 	}
 
-    @Override
-    public NetworkGroupVO createNetworkGroup(String name, String description, Long domainId, Long accountId, String accountName) {
-    	return _networkGroupMgr.createNetworkGroup(name, description, domainId, accountId, accountName);
-    }
-
     @Override
     public void deleteNetworkGroup(Long groupId, Long accountId) throws ResourceInUseException, PermissionDeniedException {
         _networkGroupMgr.deleteNetworkGroup(groupId, accountId);