apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixing some docs

Browse Source
This commit is contained in:
David Nalley 2012-09-21 19:12:43 -04:00
parent a4906c6b0c
commit 98f4542d1c
13 changed files with 777 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/en-US/add-load-balancer-rule.xml
View File

@ -70,10 +70,6 @@
the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer
Rules.</para>
</listitem>
<listitem>
<para><emphasis role="bold">AutoScale</emphasis>: Click Configure and complete the
AutoScale configuration as explained in <xref linkend="autoscale"/>.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>

29
docs/en-US/add-more-clusters.xml Normal file
View File

@ -0,0 +1,29 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-more-clusters">
<title>Add More Clusters (Optional)</title>
<para>You need to tell &PRODUCT; about the hosts that it will manage. Hosts exist inside clusters,
so before you begin adding hosts to the cloud, you must add at least one cluster.</para>
<xi:include href="about-clusters.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-clusters-kvm-xenserver.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-clusters-ovm.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="add-clusters-vsphere.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</section>

108
docs/en-US/add-primary-storage.xml Normal file
View File

@ -0,0 +1,108 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-primary-storage">
<title>Adding Primary Storage</title>
<note>
<para>Ensure that nothing stored on the server. Adding the server to CloudStack will destroy any
existing data.</para>
</note>
<para>When you create a new zone, the first primary storage is added as part of that procedure.
You can add primary storage servers at any time, such as when adding a new cluster or adding
more servers to an existing cluster.</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Infrastructure. In Zones, click View More, then click the
zone in which you want to add the primary storage.</para>
</listitem>
<listitem>
<para>Click the Compute tab.</para>
</listitem>
<listitem>
<para>In the Primary Storage node of the diagram, click View All.</para>
</listitem>
<listitem>
<para>Click Add Primary Storage.</para>
</listitem>
<listitem>
<para>Provide the following information in the dialog. The information required varies
depending on your choice in Protocol.</para>
<itemizedlist>
<listitem>
<para>Pod. The pod for the storage device.</para>
</listitem>
<listitem>
<para>Cluster. The cluster for the storage device.</para>
</listitem>
<listitem>
<para>Name. The name of the storage device</para>
</listitem>
<listitem>
<para>Protocol. For XenServer, choose either NFS, iSCSI, or PreSetup. For KVM, choose NFS
or SharedMountPoint. For vSphere choose either VMFS (iSCSI or FiberChannel) or
NFS</para>
</listitem>
<listitem>
<para>Server (for NFS, iSCSI, or PreSetup). The IP address or DNS name of the storage
device</para>
</listitem>
<listitem>
<para>Server (for VMFS). The IP address or DNS name of the vCenter server.</para>
</listitem>
<listitem>
<para>Path (for NFS). In NFS this is the exported path from the server.</para>
</listitem>
<listitem>
<para>Path (for VMFS). In vSphere this is a combination of the datacenter name and the
datastore name. The format is "/" datacenter name "/" datastore name. For example,
"/cloud.dc.VM/cluster1datastore".</para>
</listitem>
<listitem>
<para>Path (for SharedMountPoint). With KVM this is the path on each host that is where
this primary storage is mounted. For example, "/mnt/primary".</para>
</listitem>
<listitem>
<para>SR Name-Label (for PreSetup). Enter the name-label of the SR that has been set up
outside &PRODUCT;.</para>
</listitem>
<listitem>
<para>Target IQN (for iSCSI). In iSCSI this is the IQN of the target. For example,
iqn.1986-03.com.sun:02:01ec9bb549-1271378984</para>
</listitem>
<listitem>
<para>Lun # (for iSCSI). In iSCSI this is the LUN number. For example, 3.</para>
</listitem>
<listitem>
<para>Tags (optional). The comma-separated list of tags for this storage device. It should
be an equivalent set or superset of the tags on your disk offerings</para>
</listitem>
</itemizedlist>
<para>The tag sets on primary storage across clusters in a Zone must be identical. For
example, if cluster A provides primary storage that has tags T1 and T2, all other clusters
in the Zone must also provide primary storage that has tags T1 and T2.</para>
</listitem>
<listitem>
<para>Click OK.</para>
</listitem>
</orderedlist>
</section>

48
docs/en-US/add-secondary-storage.xml Normal file
View File

@ -0,0 +1,48 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="add-secondary-storage">
<title>Adding Secondary Storage</title>
<note>
<para>Be sure there is nothing stored on the server. Adding the server to CloudStack will
destroy any existing data.</para>
</note>
<para>When you create a new zone, the first secondary storage is added as part of that procedure.
You can add secondary storage servers at any time to add more servers to an existing
zone.</para>
<orderedlist>
<listitem>
<para>If you are going to use Swift for cloud-wide secondary storage, you must add the Swift
storage to &PRODUCT; before you add the local zone secondary storage servers.</para>
</listitem>
<listitem>
<para>To prepare for local zone secondary storage, you should have created and mounted an NFS
share during Management Server installation.</para>
</listitem>
<listitem>
<para>Make sure you prepared the system VM template during Management Server
installation.</para>
</listitem>
<listitem>
<para>4. Now that the secondary storage server for per-zone storage is prepared, add it to
&PRODUCT;. Secondary storage is added as part of the procedure for adding a new zone.</para>
</listitem>
</orderedlist>
</section>

29
docs/en-US/choosing_a_deployment_architecture.xml Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<chapter id="choosing_a_deployment_architecture">
<title>Choosing a Deployment Architecture</title>
<para>The architecture used in a deployment will vary depending on the size and purpose of the deployment. This section contains examples of deployment architecture, including a small-scale deployment useful for test and trial deployments and a fully-redundant large-scale setup for production deployments.</para>
<xi:include href="small_scale_deployment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="large_scale_redundant_setup.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="separate_storage_network.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="multi_node_management_server.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="multi_site_deployment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
</chapter>

103
docs/en-US/create-vpn-connection-vpc.xml Normal file
View File

@ -0,0 +1,103 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="create-vpn-connection-vpc">
<title>Creating a VPN Connection</title>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you create for the account are listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to deploy the VMs.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ASLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select Site-to-Site VPN.</para>
<para>The Site-to-Site VPN page is displayed.</para>
</listitem>
<listitem>
<para>From the Select View drop-down, ensure that VPN Connection is selected.</para>
</listitem>
<listitem>
<para>Click Create VPN Connection.</para>
<para> The Create VPN Connection dialog is displayed:</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/create-vpn-connection.png"/>
</imageobject>
<textobject>
<phrase>createvpnconnection.png: creating a vpn connection to the customer
gateway.</phrase>
</textobject>
</mediaobject>
</listitem>
<listitem>
<para>Select the desired customer gateway, then click OK to confirm.</para>
<para>Within a few moments, the VPN Connection is displayed.</para>
<para>The following information on the VPN connection is displayed:</para>
<itemizedlist>
<listitem>
<para>IP Address</para>
</listitem>
<listitem>
<para>Gateway</para>
</listitem>
<listitem>
<para>State</para>
</listitem>
<listitem>
<para>IPSec Preshared Key</para>
</listitem>
<listitem>
<para>IKE Policy</para>
</listitem>
<listitem>
<para>ESP Policy</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</section>

191
docs/en-US/create-vpn-customer-gateway.xml Normal file
View File

@ -0,0 +1,191 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="create-vpn-customer-gateway">
<title>Creating and Updating a VPN Customer Gateway</title>
<note>
<para>A VPN customer gateway can be connected to only one VPN gateway at a time.</para>
</note>
<para>To add a VPN Customer Gateway:</para>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPN Customer Gateway.</para>
</listitem>
<listitem>
<para>Click Add site-to-site VPN.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/add-vpn-customer-gateway.png"/>
</imageobject>
<textobject>
<phrase>addvpncustomergateway.png: adding a customer gateway.</phrase>
</textobject>
</mediaobject>
<para>Provide the following information:</para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Name</emphasis>: A unique name for the VPN customer gateway
you create.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Gateway</emphasis>: The IP address for the remote
gateway.</para>
</listitem>
<listitem>
<para><emphasis role="bold">CIDR list</emphasis>: The guest CIDR list of the remote
subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that a guest CIDR list
is not overlapped with the VPCs CIDR, or another guest CIDR. The CIDR must be
RFC1918-compliant.</para>
</listitem>
<listitem>
<para><emphasis role="bold">IPsec Preshared Key</emphasis>: Preshared keying is a method
where the endpoints of the VPN share a secret key. This key value is used to
authenticate the customer gateway and the VPC VPN gateway to each other. </para>
<note>
<para>The IKE peers (VPN end points) authenticate each other by computing and sending a
keyed hash of data that includes the Preshared key. If the receiving peer is able to
create the same hash independently by using its Preshared key, it knows that both
peers must share the same secret, thus authenticating the customer gateway.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">IKE Encryption</emphasis>: The Internet Key Exchange (IKE)
policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and
3DES. Authentication is accomplished through the Preshared Keys.</para>
<note>
<para>The phase-1 is the first phase in the IKE process. In this initial negotiation
phase, the two VPN endpoints agree on the methods to be used to provide security for
the underlying IP traffic. The phase-1 authenticates the two VPN gateways to each
other, by confirming that the remote gateway has a matching Preshared Key.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">IKE Hash</emphasis>: The IKE hash for phase-1. The supported
hash algorithms are SHA1 and MD5.</para>
</listitem>
<listitem>
<para><emphasis role="bold">IKE DH</emphasis>: A public-key cryptography protocol which
allows two parties to establish a shared secret over an insecure communications channel.
The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The
supported options are None, Group-5 (1536-bit) and Group-2 (1024-bit).</para>
</listitem>
<listitem>
<para><emphasis role="bold">ESP Encryption</emphasis>: Encapsulating Security Payload
(ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192,
AES256, and 3DES.</para>
<note>
<para>The phase-2 is the second phase in the IKE process. The purpose of IKE phase-2 is
to negotiate IPSec security associations (SA) to set up the IPSec tunnel. In phase-2,
new keying material is extracted from the Diffie-Hellman key exchange in phase-1, to
provide session keys to use in protecting the VPN data flow.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">ESP Hash</emphasis>: Encapsulating Security Payload (ESP) hash
for phase-2. Supported hash algorithms are SHA1 and MD5.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Perfect Forward Secrecy</emphasis>: Perfect Forward Secrecy
(or PFS) is the property that ensures that a session key derived from a set of long-term
public and private keys will not be compromised. This property enforces a new
Diffie-Hellman key exchange. It provides the keying material that has greater key
material life and thereby greater resistance to cryptographic attacks. The available
options are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security of the key
exchanges increase as the DH groups grow larger, as does the time of the
exchanges.</para>
<note>
<para>When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways
must generate a new set of phase-1 keys. This adds an extra layer of protection that
PFS adds, which ensures if the phase-2 SAs have expired, the keys used for new
phase-2 SAs have not been generated from the current phase-1 keying material.</para>
</note>
</listitem>
<listitem>
<para><emphasis role="bold">IKE Lifetime (seconds)</emphasis>: The phase-1 lifetime of the
security association in seconds. Default is 86400 seconds (1 day). Whenever the time
expires, a new phase-1 exchange is performed.</para>
</listitem>
<listitem>
<para><emphasis role="bold">ESP Lifetime (seconds)</emphasis>: The phase-2 lifetime of the
security association in seconds. Default is 3600 seconds (1 hour). Whenever the value is
exceeded, a re-key is initiated to provide a new IPsec encryption and authentication
session keys.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Dead Peer Detection</emphasis>: A method to detect an
unavailable Internet Key Exchange (IKE) peer. Select this option if you want the virtual
router to query the liveliness of its IKE peer at regular intervals. Its recommended to
have the same configuration of DPD on both side of VPN connection.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Click OK.</para>
</listitem>
</orderedlist>
<formalpara>
<title>Updating and Removing a VPN Customer Gateway</title>
<para>You can update a customer gateway either with no VPN connection, or related VPN connection
is in error state.</para>
</formalpara>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPN Customer Gateway.</para>
</listitem>
<listitem>
<para>Select the VPN customer gateway you want to work with.</para>
</listitem>
<listitem>
<para>To modify the required parameters, click the Edit VPN Customer Gateway button<inlinemediaobject>
<imageobject>
<imagedata fileref="./images/edit-icon.png"/>
</imageobject>
<textobject>
<phrase>edit.png: button to edit a VPN customer gateway</phrase>
</textobject>
</inlinemediaobject></para>
</listitem>
<listitem>
<para>To remove the VPN customer gateway, click the Delete VPN Customer Gateway button<inlinemediaobject>
<imageobject>
<imagedata fileref="./images/delete-button.png"/>
</imageobject>
<textobject>
<phrase>delete.png: button to remove a VPN customer gateway</phrase>
</textobject>
</inlinemediaobject></para>
</listitem>
<listitem>
<para>Click OK.</para>
</listitem>
</orderedlist>
</section>

80
docs/en-US/create-vpn-gateway-for-vpc.xml Normal file
View File

@ -0,0 +1,80 @@
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="create-vpn-gateway-for-vpc">
<title>Creating a VPN gateway for the VPC</title>
<orderedlist>
<listitem>
<para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
</listitem>
<listitem>
<para>In the left navigation, choose Network.</para>
</listitem>
<listitem>
<para>In the Select view, select VPC.</para>
<para>All the VPCs that you have created for the account is listed in the page.</para>
</listitem>
<listitem>
<para>Click the Configure button of the VPC to which you want to deploy the VMs.</para>
<para>The VPC page is displayed where all the tiers you created are listed in a
diagram.</para>
</listitem>
<listitem>
<para>Click the Settings icon.</para>
<para>The following options are displayed.</para>
<itemizedlist>
<listitem>
<para>IP Addresses</para>
</listitem>
<listitem>
<para>Gateways</para>
</listitem>
<listitem>
<para>Site-to-Site VPN</para>
</listitem>
<listitem>
<para>Network ACLs</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Select Site-to-Site VPN.</para>
<para>If you are creating the VPN gateway for the first time, selecting Site-to-Site VPN
prompts you to create a VPN gateway.</para>
</listitem>
<listitem>
<para>In the confirmation dialog, click Yes to confirm.</para>
<para>Within a few moments, the VPN gateway is created. You will be prompted to view the
details of the VPN gateway you have created. Click Yes to confirm.</para>
<para>The following details are displayed in the VPN Gateway page:</para>
<itemizedlist>
<listitem>
<para>IP Address</para>
</listitem>
<listitem>
<para>Account</para>
</listitem>
<listitem>
<para>Domain</para>
</listitem>
</itemizedlist>
</listitem>
</orderedlist>
</section>

42
docs/en-US/large_scale_redundant_setup.xml Normal file
View File

@ -0,0 +1,42 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="large_scale_redundant_setup">
<title>Large-Scale Redundant Setup</title>
<mediaobject>
<imageobject>
<imagedata fileref="./images/large_scale_redundant_setup.png" />
</imageobject>
<textobject><phrase>Large-Scale Redundant Setup</phrase></textobject>
</mediaobject>
<para>This diagram illustrates the network architecture of a large-scale &PRODUCT; deployment.</para>
<itemizedlist>
<listitem><para>A layer-3 switching layer is at the core of the data center. A router redundancy protocol like VRRP should be deployed. Typically high-end core switches also include firewall modules. Separate firewall appliances may also be used if the layer-3 switch does not have integrated firewall capabilities. The firewalls are configured in NAT mode. The firewalls provide the following functions:</para>
<itemizedlist>
<listitem><para>Forwards HTTP requests and API calls from the Internet to the Management Server. The Management Server resides on the management network.</para></listitem>
<listitem><para>When the cloud spans multiple zones, the firewalls should enable site-to-site VPN such that servers in different zones can directly reach each other.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>A layer-2 access switch layer is established for each pod. Multiple switches can be stacked to increase port count. In either case, redundant pairs of layer-2 switches should be deployed.</para></listitem>
<listitem><para>The Management Server cluster (including front-end load balancers, Management Server nodes, and the MySQL database) is connected to the management network through a pair of load balancers.</para></listitem>
<listitem><para>Secondary storage servers are connected to the management network.</para></listitem>
<listitem><para>Each pod contains storage and computing servers. Each storage and computing server should have redundant NICs connected to separate layer-2 access switches.</para></listitem>
</itemizedlist>
</section>

36
docs/en-US/multi_node_management_server.xml Normal file
View File

@ -0,0 +1,36 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="multi_node_management_server">
<title>Multi-Node Management Server</title>
<para>The &PRODUCT; Management Server is deployed on one or more front-end servers connected to a single MySQL database. Optionally a pair of hardware load balancers distributes requests from the web. A backup management server set may be deployed using MySQL replication at a remote site to add DR capabilities.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/multi_node_management_server.png" />
</imageobject>
<textobject><phrase>Multi-Node Management Server</phrase></textobject>
</mediaobject>
<para>The administrator must decide the following.</para>
<itemizedlist>
<listitem><para>Whether or not load balancers will be used.</para></listitem>
<listitem><para>How many Management Servers will be deployed.</para></listitem>
<listitem><para>Whether MySQL replication will be deployed to enable disaster recovery.</para></listitem>
</itemizedlist>
</section>

50
docs/en-US/multi_site_deployment.xml Normal file
View File

@ -0,0 +1,50 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="multi_site_deployment">
<title>Multi-Site Deployment</title>
<para>The &PRODUCT; platform scales well into multiple sites through the use of zones. The following diagram shows an example of a multi-site deployment.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/example_of_a_multi_site_deployment.png" />
</imageobject>
<textobject><phrase>Example Of A Multi-Site Deployment</phrase></textobject>
</mediaobject>
<para>Data Center 1 houses the primary Management Server as well as zone 1. The MySQL database is replicated in real time to the secondary Management Server installation in Data Center 2.</para>
<mediaobject>
<imageobject>
<imagedata fileref="./images/separate_storage_network.png" />
</imageobject>
<textobject><phrase>Separate Storage Network</phrase></textobject>
</mediaobject>
<para>This diagram illustrates a setup with a separate storage network. Each server has four NICs, two connected to pod-level network switches and two connected to storage network switches.</para>
<para>There are two ways to configure the storage network:</para>
<itemizedlist>
<listitem><para> Bonded NIC and redundant switches can be deployed for NFS. In NFS deployments, redundant switches and bonded NICs still result in one network (one CIDR block+ default gateway address).</para></listitem>
<listitem><para> iSCSI can take advantage of two separate storage networks (two CIDR blocks each with its own default gateway). Multipath iSCSI client can failover and load balance between separate storage networks.</para></listitem>
</itemizedlist>
<mediaobject>
<imageobject>
<imagedata fileref="./images/NIC_bonding_and_multipath_IO.png" />
</imageobject>
<textobject><phrase>NIC Bonding And Multipath I/O</phrase></textobject>
</mediaobject>
<para> This diagram illustrates the differences between NIC bonding and Multipath I/O (MPIO). NIC bonding configuration involves only one network. MPIO involves two separate networks.</para>
</section>

24
docs/en-US/separate_storage_network.xml Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="separate_storage_network">
<title>Separate Storage Network</title>
<para>In the large-scale redundant setup described in the previous section, storage traffic can overload the management network. A separate storage network is optional for deployments. Storage protocols such as iSCSI are sensitive to network delays. A separate storage network ensures guest network traffic contention does not impact storage performance.</para>
</section>

37
docs/en-US/small_scale_deployment.xml Normal file
View File

@ -0,0 +1,37 @@
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="small_scale_deployment">
<title>Small-Scale Deployment</title>
<mediaobject>
<imageobject>
<imagedata fileref="./images/small_scale_deployment.png" />
</imageobject>
<textobject><phrase>Small-Scale Deployment</phrase></textobject>
</mediaobject>
<para>This diagram illustrates the network architecture of a small-scale &PRODUCT; deployment.</para>
<itemizedlist>
<listitem><para>A firewall provides a connection to the Internet. The firewall is configured in NAT mode. The firewall forwards HTTP requests and API calls from the Internet to the Management Server. The Management Server resides on the management network.</para></listitem>
<listitem><para>A layer-2 switch connects all physical servers and storage.</para></listitem>
<listitem><para>A single NFS server functions as both the primary and secondary storage.</para></listitem>
<listitem><para>The Management Server is connected to the management network.</para></listitem>
</itemizedlist>
</section>